Author Topic: [Resolved K] Advertising pop up  (Read 7327 times)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #15 on: May 02, 2011, 12:33:58 AM »
Hiya addictedtolabs,

As follows please...

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix for TDL4

Save the log as before and post in your next reply,

Kevin.

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #16 on: May 02, 2011, 09:36:56 AM »
Should I have my security system turned off during these scans?

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #17 on: May 02, 2011, 10:13:23 AM »
Hi
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 09:06:44
-----------------------------
09:06:44.953    OS Version: Windows 5.1.2600 Service Pack 3
09:06:44.953    Number of processors: 1 586 0xC00
09:06:44.953    ComputerName: JEAN-C7D733DC67  UserName: jean
09:06:47.921    Initialize success
09:06:51.796    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:06:51.796    Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
09:06:51.812    Device \Driver\atapi -> DriverStartIo 866ce532
09:06:53.906    Disk 0 MBR read successfully
09:06:53.906    Disk 0 MBR scan
09:06:53.906    Disk 0 TDL4@MBR code has been found
09:06:53.906    Disk 0 Windows XP default MBR code found via API
09:06:53.906    Disk 0 MBR hidden
09:06:53.906    Disk 0 MBR [TDL4]  **ROOTKIT**
09:06:53.906    Disk 0 trace - called modules:
09:06:53.906    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866ce6e7]<<
09:06:53.906    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672aab8]
09:06:53.906    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\00000060[0x8678cf18]
09:06:53.906    5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> [0x86786940]
09:06:54.343    \Driver\atapi[0x86758ab0] -> IRP_MJ_CREATE -> 0x866ce6e7
09:06:54.343    Scan finished successfully
09:07:09.421    Disk 0 fixing MBR
09:07:19.421    Disk 0 MBR restored successfully
09:07:19.421    Infection fixed successfully - please reboot ASAP
09:07:51.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jean\Desktop\MBR.dat"
09:07:52.093    The log file has been saved successfully to "C:\Documents and Settings\jean\Desktop\aswMBR.txt"
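The aswMBR log above has a fixed shape: a short header, then one `HH:MM:SS.mmm` timestamped message per line, with the rootkit verdict, the hidden-MBR flag, the unknown hook in the driver trace, the "MBR restored" line and the reboot request each appearing as a distinct message. The helper below is an added example, not part of the thread and not AVAST's aswMBR code: it parses that format and reduces a posted log to a triage verdict, so a helper checking many such logs can tell at a glance whether a boot-sector rootkit was flagged, whether the fix was applied, and whether a reboot is still pending. The two embedded logs are constructed for the example; the infected one is trimmed from the output posted above, and the clean one approximates an uninfected run.

```python
"""Triage helper for aswMBR scan logs (added example, not aswMBR's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# aswMBR writes "HH:MM:SS.mmm <whitespace> message"; header lines have no timestamp.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")


@dataclass
class AswMbrReport:
    os_version: Optional[str] = None
    rootkit_hits: List[str] = field(default_factory=list)   # explicit rootkit verdicts
    unknown_hooks: List[str] = field(default_factory=list)  # driver trace ending in an unknown module
    mbr_hidden: bool = False      # real MBR differs from what the API shows
    fixed: bool = False           # "MBR restored successfully" seen
    reboot_required: bool = False # tool asked for a reboot after the fix


def parse_aswmbr(text: str) -> AswMbrReport:
    """Walk the log once and collect the indicators a reviewer looks for."""
    rep = AswMbrReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # version banner, run date, separators
        msg = m.group(2)
        if msg.startswith("OS Version:"):
            rep.os_version = msg.split(":", 1)[1].strip()
        elif "**ROOTKIT**" in msg or "code has been found" in msg:
            rep.rootkit_hits.append(msg)
        elif msg.endswith("MBR hidden"):
            rep.mbr_hidden = True
        elif ">>UNKNOWN" in msg:
            rep.unknown_hooks.append(msg)
        elif "MBR restored successfully" in msg:
            rep.fixed = True
        elif "please reboot" in msg.lower():
            rep.reboot_required = True
    return rep


def verdict(rep: AswMbrReport) -> str:
    """Collapse the indicators into one of four triage states."""
    if not (rep.rootkit_hits or rep.mbr_hidden or rep.unknown_hooks):
        return "clean"
    if rep.fixed:
        return "infected-fixed-reboot" if rep.reboot_required else "infected-fixed"
    return "infected-not-fixed"


# Constructed sample: trimmed from the log posted in this thread.
INFECTED_LOG = """\
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 09:06:44
-----------------------------
09:06:44.953\tOS Version: Windows 5.1.2600 Service Pack 3
09:06:53.906\tDisk 0 MBR read successfully
09:06:53.906\tDisk 0 MBR scan
09:06:53.906\tDisk 0 TDL4@MBR code has been found
09:06:53.906\tDisk 0 Windows XP default MBR code found via API
09:06:53.906\tDisk 0 MBR hidden
09:06:53.906\tDisk 0 MBR [TDL4]  **ROOTKIT**
09:06:53.906\tntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866ce6e7]<<
09:06:54.343\tScan finished successfully
09:07:09.421\tDisk 0 fixing MBR
09:07:19.421\tDisk 0 MBR restored successfully
09:07:19.421\tInfection fixed successfully - please reboot ASAP
"""

# Constructed sample approximating a clean run (not copied from any real log).
CLEAN_LOG = """\
09:06:44.953\tOS Version: Windows 5.1.2600 Service Pack 3
09:06:53.906\tDisk 0 MBR read successfully
09:06:53.906\tDisk 0 MBR scan
09:06:53.906\tDisk 0 Windows XP default MBR code found via API
09:06:54.343\tScan finished successfully
"""


if __name__ == "__main__":
    for name, log in (("infected", INFECTED_LOG), ("clean", CLEAN_LOG)):
        rep = parse_aswmbr(log)
        print(f"{name}: {verdict(rep)}; hits={len(rep.rootkit_hits)}, "
              f"hidden={rep.mbr_hidden}, unknown_hooks={len(rep.unknown_hooks)}")
```

The verdict deliberately treats a hidden MBR or an unknown module in the driver trace as infected even without an explicit `**ROOTKIT**` line, because those are the symptoms that remain when a scanner's signature does not name the family; the "fixed but reboot pending" state is kept separate so a reviewer knows the next log must come from after a restart.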



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #18 on: May 02, 2011, 12:42:08 PM »
Hiya addictedtolabs,

Run the following scan please:

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Let me see the two logs produced by DDS, also give update on any issues or concerns that you have...

Kevin

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #19 on: May 02, 2011, 03:12:01 PM »
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2010 11:41:41 AM
System Uptime: 5/2/2011 10:39:55 AM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 754 | 2411/200mhz



.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by jean at 14:02:51.43 on Mon 05/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.561 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jean\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jean\applic~1\mozilla\firefox\profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl33c21423;MpKsl33c21423;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9b0e219-631a-4640-a54e-b19428303c08}\MpKsl33c21423.sys [2011-5-2 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 98392]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-20 141792]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\mpksl1c95646b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\mpksl1f94acea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\mpksl70de0823.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\mpksl7e6d7dc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\mpkslfd2991ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz132;cpuz132;\??\c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2011-05-02 18:16:20   29544   ----a-w-   c:\program files\mozilla firefox\plugins\np_gp.dll
2011-05-02 17:40:22   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b9b0e219-631a-4640-a54e-b19428303c08}\MpKsl33c21423.sys
2011-05-02 16:37:13   7071056   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b9b0e219-631a-4640-a54e-b19428303c08}\mpengine.dll
2011-05-01 17:32:05   --------   d-sha-r-   C:\cmdcons
2011-05-01 17:21:48   98816   ----a-w-   c:\windows\sed.exe
2011-05-01 17:21:48   89088   ----a-w-   c:\windows\MBR.exe
2011-05-01 17:21:48   256512   ----a-w-   c:\windows\PEV.exe
2011-05-01 17:21:48   161792   ----a-w-   c:\windows\SWREG.exe
2011-05-01 06:46:09   --------   d-----w-   c:\docume~1\jean\applic~1\Malwarebytes
2011-05-01 06:45:55   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45:54   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-01 06:45:51   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:14:45   --------   d-----w-   c:\docume~1\jean\applic~1\Registry Mechanic
2011-04-30 22:06:37   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-30 03:38:29   388096   ----a-r-   c:\docume~1\jean\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-30 03:38:27   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12:54   --------   d-----w-   c:\docume~1\jean\applic~1\ElevatedDiagnostics
2011-04-29 16:26:45   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26:45   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26:33   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38:51   --------   d-----w-   c:\docume~1\jean\applic~1\Sammsoft
2011-04-27 00:36:39   --------   d-----w-   c:\program files\MSN Toolbar
2011-04-27 00:35:54   --------   d-----w-   c:\program files\Bing Bar Installer
2011-04-26 21:21:11   --------   d-----w-   C:\KodakESS
2011-04-26 21:00:55   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00:48   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Applications
2011-04-23 00:31:54   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-23 00:31:45   781272   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-23 00:31:45   1874904   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2011-04-23 00:31:45   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
2011-04-23 00:31:44   728024   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2011-04-23 00:31:44   1893336   ----a-w-   c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-23 00:31:44   142296   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2011-04-23 00:31:43   1975768   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-22 17:44:24   --------   d-----w-   C:\ea
2011-04-22 02:25:26   --------   d-----w-   c:\windows\pss
2011-04-21 05:20:40   --------   d-----w-   c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-21 03:43:36   141792   ----a-w-   c:\windows\system32\mfevtps.exe
.
==================== Find3M  ====================
.
2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06:29   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-13 20:09:46   232968   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2011-02-13 20:09:46   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2011-02-13 20:09:44   232968   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11:20   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
.
============= FINISH: 14:03:29.50 ===============

.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 62.759 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 114.873 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP313: 2/20/2011 11:14:34 PM - Software Distribution Service 3.0
RP314: 2/21/2011 11:55:26 PM - System Checkpoint
RP315: 2/22/2011 2:57:10 PM - Software Distribution Service 3.0
RP316: 2/23/2011 3:55:25 PM - System Checkpoint
RP317: 2/23/2011 4:32:06 PM - Software Distribution Service 3.0
RP318: 2/23/2011 4:43:28 PM - Software Distribution Service 3.0
RP319: 2/24/2011 4:38:26 PM - Software Distribution Service 3.0
RP320: 2/25/2011 4:38:32 PM - Software Distribution Service 3.0
RP321: 2/26/2011 4:38:39 PM - Software Distribution Service 3.0
RP322: 2/27/2011 1:54:48 AM - Software Distribution Service 3.0
RP323: 2/28/2011 2:05:02 AM - System Checkpoint
RP324: 2/28/2011 1:06:47 PM - Software Distribution Service 3.0
RP325: 3/1/2011 1:06:46 PM - Software Distribution Service 3.0
RP326: 3/2/2011 1:07:33 PM - Software Distribution Service 3.0
RP327: 3/3/2011 1:06:45 PM - Software Distribution Service 3.0
RP328: 3/4/2011 1:06:40 PM - Software Distribution Service 3.0
RP329: 3/5/2011 1:21:28 PM - System Checkpoint
RP330: 3/6/2011 1:50:21 AM - Software Distribution Service 3.0
RP331: 3/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP332: 3/7/2011 3:20:11 AM - System Checkpoint
RP333: 3/7/2011 3:22:03 AM - Software Distribution Service 3.0
RP334: 3/8/2011 3:21:56 AM - Software Distribution Service 3.0
RP335: 3/9/2011 3:00:17 AM - Software Distribution Service 3.0
RP336: 3/9/2011 3:22:06 AM - Software Distribution Service 3.0
RP337: 3/10/2011 3:21:59 AM - Software Distribution Service 3.0
RP338: 3/11/2011 3:22:05 AM - Software Distribution Service 3.0
RP339: 3/12/2011 3:21:57 AM - Software Distribution Service 3.0
RP340: 3/13/2011 2:33:12 AM - Software Distribution Service 3.0
RP341: 3/14/2011 3:20:04 AM - System Checkpoint
RP342: 3/14/2011 3:21:51 AM - Software Distribution Service 3.0
RP343: 3/15/2011 3:22:06 AM - Software Distribution Service 3.0
RP344: 3/16/2011 3:21:55 AM - Software Distribution Service 3.0
RP345: 3/17/2011 3:35:17 AM - System Checkpoint
RP346: 3/17/2011 12:36:52 PM - Software Distribution Service 3.0
RP347: 3/18/2011 12:36:47 PM - Software Distribution Service 3.0
RP348: 3/19/2011 12:36:32 PM - Software Distribution Service 3.0
RP349: 3/20/2011 2:00:29 AM - Software Distribution Service 3.0
RP350: 3/20/2011 12:36:38 PM - Software Distribution Service 3.0
RP351: 3/21/2011 8:53:43 AM - Removed Adobe Reader 9.4.2.
RP352: 3/21/2011 8:54:09 AM - Installed Adobe Reader X (10.0.1).
RP353: 3/22/2011 9:20:23 AM - System Checkpoint
RP354: 3/22/2011 9:22:21 AM - Software Distribution Service 3.0
RP355: 3/23/2011 9:22:06 AM - Software Distribution Service 3.0
RP356: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP357: 3/24/2011 12:57:26 PM - Software Distribution Service 3.0
RP358: 3/25/2011 12:44:55 PM - Software Distribution Service 3.0
RP359: 3/26/2011 12:44:50 PM - Software Distribution Service 3.0
RP360: 3/27/2011 2:01:33 AM - Software Distribution Service 3.0
RP361: 3/27/2011 12:44:42 PM - Software Distribution Service 3.0
RP362: 3/28/2011 12:45:10 PM - Software Distribution Service 3.0
RP363: 3/29/2011 12:45:06 PM - Software Distribution Service 3.0
RP364: 3/30/2011 12:44:54 PM - Software Distribution Service 3.0
RP365: 3/31/2011 12:44:45 PM - Software Distribution Service 3.0
RP366: 4/1/2011 1:37:07 PM - System Checkpoint
RP367: 4/2/2011 9:39:02 AM - Software Distribution Service 3.0
RP368: 4/3/2011 1:58:35 AM - Software Distribution Service 3.0
RP369: 4/3/2011 9:38:58 AM - Software Distribution Service 3.0
RP370: 4/4/2011 9:38:47 AM - Software Distribution Service 3.0
RP371: 4/5/2011 9:38:51 AM - Software Distribution Service 3.0
RP372: 4/6/2011 9:38:52 AM - Software Distribution Service 3.0
RP373: 4/7/2011 9:38:53 AM - Software Distribution Service 3.0
RP374: 4/8/2011 9:38:50 AM - Software Distribution Service 3.0
RP375: 4/9/2011 9:38:51 AM - Software Distribution Service 3.0
RP376: 4/10/2011 1:58:49 AM - Software Distribution Service 3.0
RP377: 4/10/2011 9:38:58 AM - Software Distribution Service 3.0
RP378: 4/11/2011 9:39:00 AM - Software Distribution Service 3.0
RP379: 4/12/2011 9:38:40 AM - Software Distribution Service 3.0
RP380: 4/13/2011 3:00:19 AM - Software Distribution Service 3.0
RP381: 4/14/2011 3:27:59 AM - System Checkpoint
RP382: 4/14/2011 3:30:19 AM - Software Distribution Service 3.0
RP383: 4/15/2011 3:30:20 AM - Software Distribution Service 3.0
RP384: 4/16/2011 3:58:46 AM - System Checkpoint
RP385: 4/16/2011 7:44:14 PM - Restore Operation
RP386: 4/16/2011 7:46:39 PM - Restore Operation
RP387: 4/17/2011 8:22:13 PM - System Checkpoint
RP388: 4/18/2011 10:00:53 AM - Restore Operation
RP389: 4/18/2011 10:19:13 AM - Restore Operation
RP390: 4/18/2011 10:22:09 AM - Removed Clean Run Magazine - August 2009
RP391: 4/19/2011 10:23:19 AM - System Checkpoint
RP392: 4/20/2011 11:14:31 AM - System Checkpoint
RP393: 4/20/2011 10:20:32 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP394: 4/21/2011 3:59:55 PM - Restore Operation
RP395: 4/21/2011 9:20:04 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP396: 4/25/2011 4:46:34 AM - System Checkpoint
RP397: 4/26/2011 2:00:54 PM - Installed Microsoft Easy Assist v2
RP398: 4/27/2011 8:09:12 PM - System Checkpoint
RP399: 4/28/2011 1:25:16 PM - Installed Microsoft Fix it 50362
RP400: 4/29/2011 8:38:30 AM - ARO 2011 - Before Installation
RP401: 4/29/2011 8:39:00 AM - ARO 2011 - FIRST RUN
RP402: 4/29/2011 9:08:35 AM - Installed Microsoft Fix it 50202
RP403: 4/29/2011 8:38:26 PM - Installed HiJackThis
RP404: 4/30/2011 10:33:21 PM - System Checkpoint
RP405: 5/1/2011 4:53:58 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Amazon Kindle For PC
Any Video Converter 3.1.6
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Bing Bar
Bing Bar Platform
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon i860
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Definition update for Microsoft Office 2010 (KB982726)
Driver Detective
Foxit Creator
Foxit Reader
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ieSpell
Internet Explorer (Enable DEP)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OverDrive Media Console
PhotoStitch
QuickTime
RAW Image Task
RemoteCapture Task
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sony USB Driver
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 1.1.7
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
WinRAR archiver
Xvid 1.1.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
5/1/2011 9:54:13 AM, error: Print [6161]  - The document http://spywarehammer.com/simplemachinesforum/index.php?topic=10 owned by jean failed to print on printer Canon i860. Data type: NT EMF 1.008. Size of the spool file in bytes: 7340032. Number of bytes printed: 993404. Total number of pages in the document: 22. Number of pages printed: 2. Client machine: \\JEAN-C7D733DC67. Win32 error code returned by the print processor: 122 (0x7a).
5/1/2011 9:26:06 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
5/1/2011 7:29:27 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
5/1/2011 4:12:48 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/30/2011 5:27:00 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
4/30/2011 11:58:15 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The ArcSoft Connect Daemon service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/29/2011 3:30:26 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:45:51 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:41:40 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/27/2011 7:57:43 AM, error: Dhcp [1002]  - The IP address lease 72.220.58.4 for the Network Card with network address 0011D82DCB66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/27/2011 7:39:59 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/27/2011 6:57:44 AM, error: BROWSER [8007]  - The browser was unable to update the service status bits.  The data is the error.
4/26/2011 9:23:07 PM, error: Service Control Manager [7023]  - The srv774 service terminated with the following error:  The specified module could not be found.
4/26/2011 4:08:07 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:38 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:03 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:05:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 10:39:36 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/26/2011 10:36:01 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #20 on: May 02, 2011, 03:52:25 PM »
Hiya addictedtolabs

  • Re-run Malwarebytes and check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the log from Malwarebytes, also tell me if you have any remaining issues or concerns...

Kevin

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #21 on: May 02, 2011, 05:04:02 PM »
 :p
Does this mean we are fixed!!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6493

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/2/2011 3:58:19 PM
mbam-log-2011-05-02 (15-58-19).txt

Scan type: Quick scan
Objects scanned: 158923
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #22 on: May 02, 2011, 05:10:20 PM »
How is your system responding, any issues?

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #23 on: May 02, 2011, 06:36:58 PM »
 :ty
Unbelievable, 2 weeks of frustration and we are up and running. Can't thank you enough. Kody and Bailey are very relieved.
Cheers,
Jean

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #24 on: May 03, 2011, 01:07:06 AM »
Hiya Jean,

Not quite finished; there are remnants from old security programs running on your system (McAfee, Stopzilla, Registry Mechanic and Vipre). These may cause issues with your own security programs.

As follows please:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:

KillAll::
DirLook::
C:\ea
File::
c:\windows\system32\mfevtps.exe
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\system32\sbbd.exe
c:\windows\system32\drivers\mfehidk.sys
c:\windows\system32\mfevtps.exe
Folder::
c:\docume~1\jean\applic~1\Registry Mechanic
c:\docume~1\alluse~1\applic~1\PC Tools
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\jean\applic~1\ElevatedDiagnostics
Driver::
mfehidk
mfevtp

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

If you have no remaining issues we'll clean up and remove all tools we have used in next post...

Kevin
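
The CFScript above is a plain-text list of directives that ComboFix applies blindly, so it is worth reading back what it will do before dragging it onto ComboFix.exe. The following is an added example, not code from the thread or from ComboFix: it parses the script into its `Name::` sections, summarises each one (the directive meanings are assumptions inferred from the script shown above), and flags any entry listed twice, which the File:: section above happens to do for mfevtps.exe.

```python
"""Parse a ComboFix CFScript and summarise what it asks ComboFix to do.

Added example (not from the thread or from ComboFix itself): the directive
semantics below are inferred from the script in the reply above and are
assumptions for illustration only.
"""
import re
from collections import OrderedDict

# Constructed sample: the CFScript posted in the reply above, verbatim.
SAMPLE_SCRIPT = """KillAll::
DirLook::
C:\\ea
File::
c:\\windows\\system32\\mfevtps.exe
c:\\windows\\system32\\drivers\\SBREDrv.sys
c:\\windows\\system32\\sbbd.exe
c:\\windows\\system32\\drivers\\mfehidk.sys
c:\\windows\\system32\\mfevtps.exe
Folder::
c:\\docume~1\\jean\\applic~1\\Registry Mechanic
c:\\docume~1\\alluse~1\\applic~1\\PC Tools
c:\\docume~1\\alluse~1\\applic~1\\STOPzilla!
c:\\docume~1\\jean\\applic~1\\ElevatedDiagnostics
Driver::
mfehidk
mfevtp
"""

# Assumed meaning of each directive, used only for the review summary.
DIRECTIVE_MEANING = {
    "KillAll": "terminate running processes before acting (no arguments)",
    "DirLook": "list the contents of these directories in the log",
    "File": "delete these files",
    "Folder": "delete these folders",
    "Driver": "remove these driver services",
}

# A section header is a bare word followed by '::' and nothing else.
_HEADER = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return an ordered mapping of directive -> list of argument lines.

    Raises ValueError for an argument line that appears before any
    'Name::' header, since there would be no directive to apply it to.
    """
    sections = OrderedDict()
    current = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line %d: %r precedes any directive header" % (lineno, line))
        sections[current].append(line)
    return sections


def find_duplicates(sections):
    """Return {directive: [entry, ...]} for entries listed more than once.

    Comparison is case-insensitive because Windows paths are.
    """
    dups = {}
    for name, entries in sections.items():
        seen = set()
        for entry in entries:
            key = entry.lower()
            if key in seen:
                dups.setdefault(name, []).append(entry)
            seen.add(key)
    return dups


def review(text):
    """Build a plain-text review of the script so it can be checked before use."""
    sections = parse_cfscript(text)
    lines = []
    for name, entries in sections.items():
        meaning = DIRECTIVE_MEANING.get(name, "unknown directive, check before running")
        lines.append("%s:: -> %s" % (name, meaning))
        for entry in entries:
            lines.append("    " + entry)
    for name, entries in find_duplicates(sections).items():
        for entry in entries:
            lines.append("note: %s:: lists %s more than once" % (name, entry))
    return "\n".join(lines)


if __name__ == "__main__":
    print(review(SAMPLE_SCRIPT))
```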

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #25 on: May 03, 2011, 11:40:39 AM »
I hope I did this correctly...had a hard time, forgot I renamed ComboFix, then could get file to move...

ComboFix 11-05-02.04 - jean 05/03/2011  10:18:56.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.494 [GMT -7:00]
Running from: c:\documents and settings\jean\Desktop\Gotcha.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-03 to 2011-05-03  )))))))))))))))))))))))))))))))
.
.
2011-05-03 16:56 . 2011-05-03 16:56   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys
2011-05-03 16:56 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\mpengine.dll
2011-05-03 16:00 . 2011-05-03 16:00   --------   d-----w-   c:\windows\LastGood
2011-05-01 06:46 . 2011-05-01 06:46   --------   d-----w-   c:\documents and settings\jean\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45 . 2011-05-02 22:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:14 . 2011-04-30 22:14   --------   d-----w-   c:\documents and settings\jean\Application Data\Registry Mechanic
2011-04-30 22:08 . 2011-04-30 22:21   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-04-30 22:06 . 2011-04-30 22:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2011-04-30 03:38 . 2011-04-30 03:38   388096   ----a-r-   c:\documents and settings\jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 03:38 . 2011-04-30 03:38   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12 . 2011-04-30 00:12   --------   d-----w-   c:\documents and settings\jean\Application Data\ElevatedDiagnostics
2011-04-29 16:26 . 2010-11-09 21:56   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26 . 2010-11-09 21:56   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26 . 2011-04-29 21:55   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38 . 2011-04-29 22:22   --------   d-----w-   c:\documents and settings\jean\Application Data\Sammsoft
2011-04-26 21:21 . 2011-04-28 18:54   --------   d-----w-   C:\KodakESS
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-23 00:31 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-23 00:31 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-04-23 00:31 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-23 00:31 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-04-23 00:31 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-23 00:31 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-22 17:44 . 2011-04-22 17:44   --------   d-----w-   C:\ea
2011-04-22 16:22 . 2011-04-22 16:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-04-22 02:50 . 2011-04-22 02:57   --------   d-----w-   c:\documents and settings\Administrator.JEAN-C7D733DC67
2011-04-22 02:22 . 2011-04-22 02:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-04-21 05:20 . 2011-04-22 04:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-21 03:43 . 2010-10-14 05:28   141792   ----a-w-   c:\windows\system32\mfevtps.exe
2011-04-19 14:10 . 2011-04-19 14:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-19 09:45 . 2011-04-19 09:45   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-18 21:35 . 2011-04-18 21:35   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Windows Search
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-18 04:57 . 2011-04-18 04:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-17 08:33 . 2011-04-17 08:33   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:28 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-29 15:28 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 07:04 . 2010-07-25 08:44   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-07-24 18:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 18:56   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11 . 2010-07-24 18:52   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-03-18 17:53 . 2011-04-23 00:31   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-01_21.22.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-28 04:37 . 2011-05-03 16:03   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-07-28 04:37 . 2011-02-20 11:00   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-21 23:04 . 2011-05-02 18:16   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
- 2011-04-21 23:04 . 2011-04-21 23:04   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-21 23:04 . 2011-05-02 18:16   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
- 2011-04-21 23:04 . 2011-04-21 23:04   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-05-03 16:02 . 2011-05-03 16:02   200192              c:\windows\Installer\3587c8b.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   988160              c:\windows\Installer\3587c85.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   20314624              c:\windows\Installer\3587c96.msp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17   207424   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10   103720   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21   2213160   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-10 00:24   13923432   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 09:58   718208   ----a-w-   c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uPlayer\\uPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl1f58280b;MpKsl1f58280b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys [5/3/2011 9:56 AM 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 9:26 AM 98392]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1F58280B
*NewlyCreated* - MPKSLE330359E
*NewlyCreated* - SEAPORT
*Deregistered* - MpKsle330359e
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{855DB549-3D9B-4374-BA93-A82531A84B8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\jean\Application Data\Mozilla\Firefox\Profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 10:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-03  10:25:47
ComboFix-quarantined-files.txt  2011-05-03 17:25
ComboFix2.txt  2011-05-02 16:34
ComboFix3.txt  2011-05-01 21:25
.
Pre-Run: 67,339,059,200 bytes free
Post-Run: 67,365,675,008 bytes free
.
- - End Of File - - 1FAE685C686DF1F93572B6F5A6D7C127

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #26 on: May 03, 2011, 01:05:19 PM »
Hiya Jean,

You got that part wrong, go back to post 24. The instruction asks you to open Notepad and copy and paste the script from the code box into Notepad, then save it as CFScript.txt, with Type: All Files (*.*), in the same location as ComboFix.exe (Gotcha.exe), which is the Desktop. Next, drag the text file by left-clicking on it and holding the mouse button down, drop it on top of ComboFix (Gotcha), and release the mouse button.
Go back to post 24 and follow the instructions... Any problems, let me know.

Kevin

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #27 on: May 03, 2011, 01:49:08 PM »
Trying again

ComboFix 11-05-02.04 - jean 05/03/2011  12:20:56.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.629 [GMT -7:00]
Running from: c:\documents and settings\jean\Desktop\Gotcha.exe
Command switches used :: c:\documents and settings\jean\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\mfehidk.sys"
"c:\windows\system32\drivers\SBREDrv.sys"
"c:\windows\system32\mfevtps.exe"
"c:\windows\system32\sbbd.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\alluse~1\applic~1\PC Tools
c:\docume~1\alluse~1\applic~1\PC Tools\DownloadManager\Registry Mechanic10.0\rminstall_revwire207_aff_dl.exe
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db.bak
c:\docume~1\alluse~1\applic~1\STOPzilla!\scanner.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\userdata.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-000.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-001.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-002.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-003.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-004.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-005.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-006.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-007.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-008.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-009.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-010.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-011.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-012.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-013.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-014.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-015.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-016.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-017.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-018.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-019.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-020.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-021.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-022.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-023.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-024.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-025.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-026.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-027.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-028.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-029.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-030.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-031.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-032.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-033.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-034.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-035.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-036.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-037.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-038.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-039.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-040.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-041.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-042.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-043.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-044.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-045.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-046.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-047.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-048.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-049.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-050.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-051.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-052.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-053.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-054.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-055.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-056.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-057.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-058.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-059.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-060.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-061.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-062.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-063.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-064.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-065.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-066.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-067.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-068.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-069.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-070.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-071.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-072.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-073.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-074.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-075.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-076.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-077.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-078.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-079.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-080.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-081.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-082.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-083.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-084.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-085.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-086.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vbcorent.dll
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vdb.xml
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\xml_edk.log-1
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\xml_edk.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\zilla5.log
c:\docume~1\jean\applic~1\ElevatedDiagnostics
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\DIAG_WindowsFirewallDiagnostic.0.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\DIAG_WindowsFirewallDiagnostic.0.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\latest.cab
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\latest.cab
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\DIAG_IEPerformanceDiagnostic.0.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\DIAG_IEPerformanceDiagnostic.1.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\latest.cab
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\latest.cab
c:\docume~1\jean\applic~1\Registry Mechanic
c:\docume~1\jean\applic~1\Registry Mechanic\log\pgscan_04.30.2011_15.14.45.html
c:\docume~1\jean\applic~1\Registry Mechanic\log\pgscan_04.30.2011_15.16.43.html
c:\docume~1\jean\applic~1\Registry Mechanic\SystemReport.txt
c:\windows\system32\drivers\mfehidk.sys
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\system32\mfevtps.exe
c:\windows\system32\sbbd.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MFEHIDK
-------\Legacy_MFEVTP
-------\Service_mfehidk
-------\Service_mfevtp
-------\Legacy_SBRE
-------\Service_SBRE
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-03 to 2011-05-03  )))))))))))))))))))))))))))))))
.
.
2011-05-03 19:13 . 2011-05-03 19:13   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069FC840-DA24-42A0-81CB-9AC66425B393}\MpKsl32b0c0d8.sys
2011-05-03 17:30 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069FC840-DA24-42A0-81CB-9AC66425B393}\mpengine.dll
2011-05-01 06:46 . 2011-05-01 06:46   --------   d-----w-   c:\documents and settings\jean\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45 . 2011-05-02 22:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:08 . 2011-04-30 22:21   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-04-30 03:38 . 2011-04-30 03:38   388096   ----a-r-   c:\documents and settings\jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 03:38 . 2011-04-30 03:38   --------   d-----w-   c:\program files\Trend Micro
2011-04-29 16:26 . 2011-04-29 21:55   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38 . 2011-04-29 22:22   --------   d-----w-   c:\documents and settings\jean\Application Data\Sammsoft
2011-04-26 21:21 . 2011-04-28 18:54   --------   d-----w-   C:\KodakESS
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-23 00:31 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-23 00:31 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-04-23 00:31 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-23 00:31 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-04-23 00:31 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-23 00:31 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-22 17:44 . 2011-04-22 17:44   --------   d-----w-   C:\ea
2011-04-22 16:22 . 2011-04-22 16:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-04-22 02:50 . 2011-04-22 02:57   --------   d-----w-   c:\documents and settings\Administrator.JEAN-C7D733DC67
2011-04-22 02:22 . 2011-04-22 02:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-04-19 14:10 . 2011-04-19 14:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-19 09:45 . 2011-04-19 09:45   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-18 21:35 . 2011-04-18 21:35   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Windows Search
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-18 04:57 . 2011-04-18 04:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-17 08:33 . 2011-04-17 08:33   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:28 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-29 15:28 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 07:04 . 2010-07-25 08:44   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-07-24 18:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 18:56   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11 . 2010-07-24 18:52   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-03-18 17:53 . 2011-04-23 00:31   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ea ----
.
2009-03-28 00:01 . 2009-03-28 00:01   288616   ----a-w-   c:\ea\Support_Resources_zh_TW.dll
2009-03-27 23:57 . 2009-03-27 23:57   288104   ----a-w-   c:\ea\Support_Resources_zh_CN.dll
2009-03-27 23:53 . 2009-03-27 23:53   305000   ----a-w-   c:\ea\Support_Resources_sv_SE.dll
2009-03-27 23:49 . 2009-03-27 23:49   308584   ----a-w-   c:\ea\Support_Resources_ru_RU.dll
2009-03-27 23:45 . 2009-03-27 23:45   308584   ----a-w-   c:\ea\Support_Resources_ro_RO.dll
2009-03-27 23:39 . 2009-03-27 23:39   308568   ----a-w-   c:\ea\Support_Resources_pt_PT.dll
2009-03-27 23:35 . 2009-03-27 23:35   308072   ----a-w-   c:\ea\Support_Resources_pt_BR.dll
2009-03-27 23:31 . 2009-03-27 23:31   309592   ----a-w-   c:\ea\Support_Resources_pl_PL.dll
2009-03-27 23:27 . 2009-03-27 23:27   309096   ----a-w-   c:\ea\Support_Resources_nl_NL.dll
2009-03-27 23:23 . 2009-03-27 23:23   304488   ----a-w-   c:\ea\Support_Resources_nb_NO.dll
2009-03-27 23:19 . 2009-03-27 23:19   293224   ----a-w-   c:\ea\Support_Resources_ko_KR.dll
2009-03-27 23:15 . 2009-03-27 23:15   293736   ----a-w-   c:\ea\Support_Resources_ja_JP.dll
2009-03-27 23:11 . 2009-03-27 23:11   309096   ----a-w-   c:\ea\Support_Resources_it_IT.dll
2009-03-27 23:07 . 2009-03-27 23:07   308568   ----a-w-   c:\ea\Support_Resources_hu_HU.dll
2009-03-27 23:03 . 2009-03-27 23:03   311128   ----a-w-   c:\ea\Support_Resources_fr_FR.dll
2009-03-27 22:59 . 2009-03-27 22:59   307560   ----a-w-   c:\ea\Support_Resources_fi_FI.dll
2009-03-27 22:55 . 2009-03-27 22:55   310104   ----a-w-   c:\ea\Support_Resources_es_ES.dll
2009-03-27 22:51 . 2009-03-27 22:51   312680   ----a-w-   c:\ea\Support_Resources_el_GR.dll
2009-03-27 22:47 . 2009-03-27 22:47   311656   ----a-w-   c:\ea\Support_Resources_de_DE.dll
2009-03-27 22:43 . 2009-03-27 22:43   305512   ----a-w-   c:\ea\Support_Resources_da_DK.dll
2009-03-27 22:39 . 2009-03-27 22:39   306536   ----a-w-   c:\ea\Support_Resources_cs_CZ.dll
2009-03-27 22:16 . 2009-03-27 22:16   304984   ----a-w-   c:\ea\Support_Resources_en_US.dll
2009-03-27 22:06 . 2009-03-27 22:06   2730336   ----a-w-   c:\ea\SupportConsole.exe
2009-03-27 22:06 . 2009-03-27 22:06   1449816   ----a-w-   c:\ea\AppShare.dll
2009-03-27 22:06 . 2009-03-27 22:06   920912   ----a-w-   c:\ea\Collaborate.dll
2009-03-27 22:05 . 2009-03-27 22:05   118112   ----a-w-   c:\ea\CollabHook.EA.dll
2009-03-27 22:05 . 2009-03-27 22:05   52552   ----a-w-   c:\ea\AutoScale.dll
2009-03-23 17:30 . 2009-03-23 17:30   848   ----a-w-   c:\ea\supportconsole.exe.manifest
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-01_21.22.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-03 19:28 . 2011-05-03 19:28   16384              c:\windows\temp\Perflib_Perfdata_618.dat
- 2010-07-28 04:37 . 2011-02-20 11:00   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-07-28 04:37 . 2011-05-03 16:03   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-21 23:04 . 2011-05-02 18:16   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
- 2011-04-21 23:04 . 2011-04-21 23:04   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-21 23:04 . 2011-05-02 18:16   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
- 2011-04-21 23:04 . 2011-04-21 23:04   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-05-03 16:02 . 2011-05-03 16:02   200192              c:\windows\Installer\3587c8b.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   988160              c:\windows\Installer\3587c85.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   20314624              c:\windows\Installer\3587c96.msp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17   207424   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10   103720   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21   2213160   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-10 00:24   13923432   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 09:58   718208   ----a-w-   c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uPlayer\\uPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl32b0c0d8;MpKsl32b0c0d8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069FC840-DA24-42A0-81CB-9AC66425B393}\MpKsl32b0c0d8.sys [5/3/2011 12:13 PM 28752]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys [?]
S1 MpKsl1f58280b;MpKsl1f58280b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{855DB549-3D9B-4374-BA93-A82531A84B8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\jean\Application Data\Mozilla\Firefox\Profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-03  12:43:37 - machine was rebooted
ComboFix-quarantined-files.txt  2011-05-03 19:43
ComboFix2.txt  2011-05-03 17:25
ComboFix3.txt  2011-05-02 16:34
ComboFix4.txt  2011-05-01 21:25
.
Pre-Run: 67,367,596,032 bytes free
Post-Run: 67,200,196,608 bytes free
.
- - End Of File - - FEB3BFB92136B9EEB0F785C9775B3753

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7676
Re: [Resolved K] Advertising pop up
« Reply #28 on: May 03, 2011, 02:10:57 PM »
How is your system responding, any issues?

Offline addictedtolabs

  • Bronze Member
  • Posts: 59
Re: [Resolved K] Advertising pop up
« Reply #29 on: May 03, 2011, 05:14:02 PM »

Not that I can see. Didn't have printer earlier but rebooted and everything was fine.