SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Topic started by: addictedtolabs on April 29, 2011, 10:05:20 PM

Title: [Resolved K] Advertising pop up
Post by: addictedtolabs on April 29, 2011, 10:05:20 PM
I have spent 7 days with 3 different techs from Microsoft and the problem is still not completely resolved.
10 Minute Mind Quiz, the Celebrity Cafe pop up when I log into email.

The ads show up in Task Manager as applications.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:03:50 PM, on 4/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on April 30, 2011, 12:02:46 AM
Hello addictedtolabs and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

Can you check Notepad and make sure "Wordwrap" is NOT selected, by opening Notepad and selecting "Format".

Next....

Re-run HJT and post the full log that is produced; you have only copied part of your original log.

Next,

Tell us what you did under the guidance of the Microsoft techs and post any logs or general information produced.

Thanks,

Kevin...
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on April 30, 2011, 12:25:46 PM
Thanks so much. The Microsoft techs took over my computer with the assist program so I cannot tell you what they did. Several scans were run. They did resolve a problem with a false security system popping up.

I re-ran HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:07 AM, on 4/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msse] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.dmtc.com/live/AxisCamControl.ocx
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F58DE655-19FD-49D7-A154-D3546736BBF9}: NameServer = 4.2.2.1,4.2.2.2
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8720 bytes

Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on April 30, 2011, 05:36:05 PM
Hiya addictedtolabs,

Thanks for the information, continue as follows :-

Step 1

Please re-open HiJackThis and scan only.  Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot

Step 2

Download TFC to your desktop, from either of the following links:
Link 1 (http://oldtimer.geekstogo.com/TFC.exe)
Link 2 (http://itxassociates.com/OT-Tools/TFC.exe)
TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. It should re-boot your OS on completion; if not, re-boot yourself please.
It is not unusual for your system to be slow after running TFC, this will correct after a couple of re-boots.

Step 3

Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam.php) and save it to your desktop.
Alternative D/L mirror (http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml)
Alternative D/L mirror (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

We need to see some additional information about what is happening in your machine.
Please perform the following scan:

1. DDS.txt
2. Attach.txt

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html)

What I'd like to see in your reply :-


Kevin.....
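The triage kevinf80 performs in Step 1, picking out the O3 toolbar that ends in "(no file)" and the O20 Winlogon Notify entry marked "(file missing)", is mechanical enough to script. The Python below is an added example written for this page; it is not code from SpywareHammer, Trend Micro or any tool named in the thread. It assumes only the "Oxx - ..." line format visible in the HijackThis logs above, and its sample input is constructed from six of those lines. Entries whose file is absent run nothing now, but they are dead registrations that a helper normally ticks for "Fix checked" during cleanup, so a log triage should surface them.

```python
import re

# Constructed sample: six lines in the HijackThis log format, including the
# two orphaned entries the helper asked to have fixed in Step 1.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# COM CLSID in braces, as used for BHOs, toolbars and extra buttons.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(log_text):
    """Return one dict per HijackThis finding; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            # CLSIDs are case-insensitive; normalise so they compare equal across logs
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def orphaned_entries(entries):
    """Findings whose target file HijackThis could not locate on disk.

    Nothing runs from these now, but they are the dead registrations a helper
    normally ticks for "Fix checked" during cleanup.
    """
    flagged = []
    for e in entries:
        if e["body"].endswith("(no file)"):
            reason = "registry entry names no file"
        elif "(file missing)" in e["body"]:
            reason = "referenced file is missing on disk"
        else:
            continue
        flagged.append({**e, "reason": reason})
    return flagged


def section_counts(entries):
    """How many findings each section produced, e.g. {'O2': 1, 'O3': 2, ...}."""
    counts = {}
    for e in entries:
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    print("findings per section:", section_counts(found))
    for e in orphaned_entries(found):
        print(f"{e['section']}: {e['body']}  <- {e['reason']}")
```

Run against the full log posted earlier in this thread, the same two entries come out flagged, which is the list kevinf80 gives. The CLSID is kept alongside each finding because it is the stable key for looking a BHO or toolbar up later, while the display name can be blank, as the "(no name)" entry shows.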
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 08:53:54 AM
Hi,
Your links were not working but I was able to access TFC and malwarebytes. I get a dentist site when trying to get to DDS.com

Log from Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6481

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/1/2011 6:40:37 AM
mbam-log-2011-05-01 (06-40-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 332239
Time elapsed: 1 hour(s), 22 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\documents\jean comp\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
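
One detail worth checking in a Malwarebytes log is any item whose action is not "Quarantined and deleted successfully". In the log above, F3EZSETP.DLL was "Not selected for removal", so it is still on disk while the other 39 items were quarantined. The Python below is an added example, not code from Malwarebytes or from this forum; it assumes the "item (Detection) -> Action." line format seen in the log, and its sample input is constructed from four of the lines above.

```python
import re
from collections import Counter

# Constructed sample: four lines taken from the "Files Infected" section of the
# MBAM log above, one of which the scanner left in place.
SAMPLE_MBAM_LOG = r"""
Files Infected:
c:\documents and settings\all users\documents\jean comp\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\jean comp\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
"""

# "<item> (<detection name>) -> <action>."  The item may be a file, folder,
# registry key or value; the detection name itself never contains parentheses.
RESULT_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

REMOVED = "Quarantined and deleted successfully"


def parse_mbam(log_text):
    """Return one dict (item, detection, action) per result line; headers are skipped."""
    records = []
    for line in log_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def unresolved(records):
    """Detections still present because MBAM did not remove them (unticked, or removal failed)."""
    return [r for r in records if r["action"] != REMOVED]


def count_by_detection(records):
    """Detections per family name, useful for seeing whether one adware bundle explains the whole log."""
    return dict(Counter(r["detection"] for r in records))


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_MBAM_LOG)
    print("by detection:", count_by_detection(found))
    for r in unresolved(found):
        print("still present:", r["item"], "->", r["action"])
```

The whole-log version of this check on the post above reports one unresolved item out of forty, and both detection names belong to the same MyWebSearch/FunWebProducts toolbar bundle, which is the kind of summary a helper wants before deciding whether a second scan is needed.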

Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 09:18:53 AM
I got to DDS by right clicking...
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2010 11:41:41 AM
System Uptime: 5/1/2011 7:34:42 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 754 | 2411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 61.967 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 114.873 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP297: 2/10/2011 10:58:08 AM - Software Distribution Service 3.0
RP298: 2/10/2011 12:18:51 PM - System Checkpoint
RP299: 2/11/2011 11:05:16 AM - Software Distribution Service 3.0
RP300: 2/12/2011 11:05:16 AM - Software Distribution Service 3.0
RP301: 2/13/2011 2:24:05 AM - Software Distribution Service 3.0
RP302: 2/13/2011 10:02:37 AM - Installed Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
RP303: 2/13/2011 12:09:00 PM - Software Distribution Service 3.0
RP304: 2/14/2011 12:24:23 PM - System Checkpoint
RP305: 2/14/2011 12:26:05 PM - Software Distribution Service 3.0
RP306: 2/15/2011 12:25:55 PM - Software Distribution Service 3.0
RP307: 2/16/2011 12:26:02 PM - Software Distribution Service 3.0
RP308: 2/17/2011 12:26:03 PM - Software Distribution Service 3.0
RP309: 2/18/2011 1:12:58 PM - System Checkpoint
RP310: 2/18/2011 11:14:36 PM - Software Distribution Service 3.0
RP311: 2/19/2011 11:14:38 PM - Software Distribution Service 3.0
RP312: 2/20/2011 3:00:14 AM - Software Distribution Service 3.0
RP313: 2/20/2011 11:14:34 PM - Software Distribution Service 3.0
RP314: 2/21/2011 11:55:26 PM - System Checkpoint
RP315: 2/22/2011 2:57:10 PM - Software Distribution Service 3.0
RP316: 2/23/2011 3:55:25 PM - System Checkpoint
RP317: 2/23/2011 4:32:06 PM - Software Distribution Service 3.0
RP318: 2/23/2011 4:43:28 PM - Software Distribution Service 3.0
RP319: 2/24/2011 4:38:26 PM - Software Distribution Service 3.0
RP320: 2/25/2011 4:38:32 PM - Software Distribution Service 3.0
RP321: 2/26/2011 4:38:39 PM - Software Distribution Service 3.0
RP322: 2/27/2011 1:54:48 AM - Software Distribution Service 3.0
RP323: 2/28/2011 2:05:02 AM - System Checkpoint
RP324: 2/28/2011 1:06:47 PM - Software Distribution Service 3.0
RP325: 3/1/2011 1:06:46 PM - Software Distribution Service 3.0
RP326: 3/2/2011 1:07:33 PM - Software Distribution Service 3.0
RP327: 3/3/2011 1:06:45 PM - Software Distribution Service 3.0
RP328: 3/4/2011 1:06:40 PM - Software Distribution Service 3.0
RP329: 3/5/2011 1:21:28 PM - System Checkpoint
RP330: 3/6/2011 1:50:21 AM - Software Distribution Service 3.0
RP331: 3/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP332: 3/7/2011 3:20:11 AM - System Checkpoint
RP333: 3/7/2011 3:22:03 AM - Software Distribution Service 3.0
RP334: 3/8/2011 3:21:56 AM - Software Distribution Service 3.0
RP335: 3/9/2011 3:00:17 AM - Software Distribution Service 3.0
RP336: 3/9/2011 3:22:06 AM - Software Distribution Service 3.0
RP337: 3/10/2011 3:21:59 AM - Software Distribution Service 3.0
RP338: 3/11/2011 3:22:05 AM - Software Distribution Service 3.0
RP339: 3/12/2011 3:21:57 AM - Software Distribution Service 3.0
RP340: 3/13/2011 2:33:12 AM - Software Distribution Service 3.0
RP341: 3/14/2011 3:20:04 AM - System Checkpoint
RP342: 3/14/2011 3:21:51 AM - Software Distribution Service 3.0
RP343: 3/15/2011 3:22:06 AM - Software Distribution Service 3.0
RP344: 3/16/2011 3:21:55 AM - Software Distribution Service 3.0
RP345: 3/17/2011 3:35:17 AM - System Checkpoint
RP346: 3/17/2011 12:36:52 PM - Software Distribution Service 3.0
RP347: 3/18/2011 12:36:47 PM - Software Distribution Service 3.0
RP348: 3/19/2011 12:36:32 PM - Software Distribution Service 3.0
RP349: 3/20/2011 2:00:29 AM - Software Distribution Service 3.0
RP350: 3/20/2011 12:36:38 PM - Software Distribution Service 3.0
RP351: 3/21/2011 8:53:43 AM - Removed Adobe Reader 9.4.2.
RP352: 3/21/2011 8:54:09 AM - Installed Adobe Reader X (10.0.1).
RP353: 3/22/2011 9:20:23 AM - System Checkpoint
RP354: 3/22/2011 9:22:21 AM - Software Distribution Service 3.0
RP355: 3/23/2011 9:22:06 AM - Software Distribution Service 3.0
RP356: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP357: 3/24/2011 12:57:26 PM - Software Distribution Service 3.0
RP358: 3/25/2011 12:44:55 PM - Software Distribution Service 3.0
RP359: 3/26/2011 12:44:50 PM - Software Distribution Service 3.0
RP360: 3/27/2011 2:01:33 AM - Software Distribution Service 3.0
RP361: 3/27/2011 12:44:42 PM - Software Distribution Service 3.0
RP362: 3/28/2011 12:45:10 PM - Software Distribution Service 3.0
RP363: 3/29/2011 12:45:06 PM - Software Distribution Service 3.0
RP364: 3/30/2011 12:44:54 PM - Software Distribution Service 3.0
RP365: 3/31/2011 12:44:45 PM - Software Distribution Service 3.0
RP366: 4/1/2011 1:37:07 PM - System Checkpoint
RP367: 4/2/2011 9:39:02 AM - Software Distribution Service 3.0
RP368: 4/3/2011 1:58:35 AM - Software Distribution Service 3.0
RP369: 4/3/2011 9:38:58 AM - Software Distribution Service 3.0
RP370: 4/4/2011 9:38:47 AM - Software Distribution Service 3.0
RP371: 4/5/2011 9:38:51 AM - Software Distribution Service 3.0
RP372: 4/6/2011 9:38:52 AM - Software Distribution Service 3.0
RP373: 4/7/2011 9:38:53 AM - Software Distribution Service 3.0
RP374: 4/8/2011 9:38:50 AM - Software Distribution Service 3.0
RP375: 4/9/2011 9:38:51 AM - Software Distribution Service 3.0
RP376: 4/10/2011 1:58:49 AM - Software Distribution Service 3.0
RP377: 4/10/2011 9:38:58 AM - Software Distribution Service 3.0
RP378: 4/11/2011 9:39:00 AM - Software Distribution Service 3.0
RP379: 4/12/2011 9:38:40 AM - Software Distribution Service 3.0
RP380: 4/13/2011 3:00:19 AM - Software Distribution Service 3.0
RP381: 4/14/2011 3:27:59 AM - System Checkpoint
RP382: 4/14/2011 3:30:19 AM - Software Distribution Service 3.0
RP383: 4/15/2011 3:30:20 AM - Software Distribution Service 3.0
RP384: 4/16/2011 3:58:46 AM - System Checkpoint
RP385: 4/16/2011 7:44:14 PM - Restore Operation
RP386: 4/16/2011 7:46:39 PM - Restore Operation
RP387: 4/17/2011 8:22:13 PM - System Checkpoint
RP388: 4/18/2011 10:00:53 AM - Restore Operation
RP389: 4/18/2011 10:19:13 AM - Restore Operation
RP390: 4/18/2011 10:22:09 AM - Removed Clean Run Magazine - August 2009
RP391: 4/19/2011 10:23:19 AM - System Checkpoint
RP392: 4/20/2011 11:14:31 AM - System Checkpoint
RP393: 4/20/2011 10:20:32 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP394: 4/21/2011 3:59:55 PM - Restore Operation
RP395: 4/21/2011 9:20:04 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP396: 4/25/2011 4:46:34 AM - System Checkpoint
RP397: 4/26/2011 2:00:54 PM - Installed Microsoft Easy Assist v2
RP398: 4/27/2011 8:09:12 PM - System Checkpoint
RP399: 4/28/2011 1:25:16 PM - Installed Microsoft Fix it 50362
RP400: 4/29/2011 8:38:30 AM - ARO 2011 - Before Installation
RP401: 4/29/2011 8:39:00 AM - ARO 2011 - FIRST RUN
RP402: 4/29/2011 9:08:35 AM - Installed Microsoft Fix it 50202
RP403: 4/29/2011 8:38:26 PM - Installed HiJackThis
RP404: 4/30/2011 10:33:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Amazon Kindle For PC
Any Video Converter 3.1.6
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Bing Bar
Bing Bar Platform
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon i860
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Definition update for Microsoft Office 2010 (KB982726)
Driver Detective
Foxit Creator
Foxit Reader
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ieSpell
Internet Explorer (Enable DEP)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
LSI PCI Soft Modem
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OverDrive Media Console
PhotoStitch
QuickTime
RAW Image Task
RemoteCapture Task
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sony USB Driver
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 1.1.7
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
WinRAR archiver
Xvid 1.1.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
4/30/2011 5:27:00 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
4/30/2011 11:58:15 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The ArcSoft Connect Daemon service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/29/2011 3:30:26 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:45:51 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:41:40 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/27/2011 7:57:43 AM, error: Dhcp [1002]  - The IP address lease 72.220.58.4 for the Network Card with network address 0011D82DCB66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/27/2011 7:39:59 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:08:07 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:38 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:03 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:05:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 12:27:01 PM, error: BROWSER [8007]  - The browser was unable to update the service status bits.  The data is the error.
4/26/2011 10:36:01 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 10:26:26 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/25/2011 2:53:47 PM, error: Service Control Manager [7023]  - The srv774 service terminated with the following error:  The specified module could not be found.
4/24/2011 9:09:42 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/24/2011 5:40:52 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
4/24/2011 3:00:20 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 09:23:11 AM
Sorry if this is a duplicate....
DDS (Ver_11-03-05.01) - NTFSx86 
Run by jean at  8:12:21.29 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.301 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jean\Local Settings\Temporary Internet Files\Content.IE5\4PRJSWCS\dds[1].com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jean\applic~1\mozilla\firefox\profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl176e9516;MpKsl176e9516;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl176e9516.sys [2011-5-1 28752]
R1 MpKsl3287e956;MpKsl3287e956;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl3287e956.sys [2011-4-30 28752]
R1 MpKsl44860393;MpKsl44860393;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl44860393.sys [2011-4-30 28752]
R1 MpKslc141a07f;MpKslc141a07f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKslc141a07f.sys [2011-4-30 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 98392]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-20 141792]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\mpksl1c95646b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\mpksl1f94acea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\mpksl70de0823.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\mpksl7e6d7dc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\mpkslfd2991ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz132;cpuz132;\??\c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2011-05-01 14:35:10   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl176e9516.sys
2011-05-01 06:55:46   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKslc141a07f.sys
2011-05-01 06:46:09   --------   d-----w-   c:\docume~1\jean\applic~1\Malwarebytes
2011-05-01 06:45:55   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45:54   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-01 06:45:51   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-05-01 06:21:31   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl44860393.sys
2011-05-01 06:00:50   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\MpKsl3287e956.sys
2011-04-30 22:14:45   --------   d-----w-   c:\docume~1\jean\applic~1\Registry Mechanic
2011-04-30 22:06:37   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-30 03:38:29   388096   ----a-r-   c:\docume~1\jean\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-30 03:38:27   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12:54   --------   d-----w-   c:\docume~1\jean\applic~1\ElevatedDiagnostics
2011-04-29 16:26:45   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26:45   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26:33   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38:51   --------   d-----w-   c:\docume~1\jean\applic~1\Sammsoft
2011-04-28 18:45:57   7071056   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{74e3ae5d-3c52-427c-9c46-5e750493cad6}\mpengine.dll
2011-04-27 00:36:39   --------   d-----w-   c:\program files\MSN Toolbar
2011-04-27 00:35:54   --------   d-----w-   c:\program files\Bing Bar Installer
2011-04-26 21:21:11   --------   d-----w-   C:\KodakESS
2011-04-26 21:00:55   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00:48   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Applications
2011-04-23 00:31:54   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-23 00:31:45   781272   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-23 00:31:45   1874904   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2011-04-23 00:31:45   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
2011-04-23 00:31:44   728024   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2011-04-23 00:31:44   1893336   ----a-w-   c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-23 00:31:44   142296   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2011-04-23 00:31:43   1975768   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-22 17:44:24   --------   d-----w-   C:\ea
2011-04-22 02:25:26   --------   d-----w-   c:\windows\pss
2011-04-21 05:20:40   --------   d-----w-   c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-21 03:43:36   141792   ----a-w-   c:\windows\system32\mfevtps.exe
.
==================== Find3M  ====================
.
2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06:29   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-13 20:09:46   232968   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2011-02-13 20:09:46   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2011-02-13 20:09:44   232968   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11:20   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866C76E7]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x866cd9d0]; MOV EAX, [0x866cda4c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86765AB8]
3 CLASSPNP[0xF764CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000062[0x8676C2A0]
5 ACPI[0xF74B3620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86783940]
\Driver\atapi[0x8675A030] -> IRP_MJ_CREATE -> 0x866C76E7
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x866C7532
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  8:13:52.06 ===============
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 01, 2011, 10:50:01 AM
Hiya addictedtolabs,

Proceed as follows please :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1 (http://www.infospyware.net/antimalware/combofix/)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here (http://thespykiller.co.uk/index.php?page=20) why disabling autoruns is recommended.

*EXTRA NOTES*

Post the log in next reply please...

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 03:59:03 PM
I think I managed to follow the instructions. When I tried to connect to get back to you, the ad (Celebrity Cafe) popped up :o2

ComboFix 11-04-30.06 - jean 05/01/2011  14:07:18.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.336 [GMT -7:00]
Running from: c:\documents and settings\jean\Desktop\Gotcha.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-01 to 2011-05-01  )))))))))))))))))))))))))))))))
.
.
2011-05-01 06:46 . 2011-05-01 06:46   --------   d-----w-   c:\documents and settings\jean\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:14 . 2011-04-30 22:14   --------   d-----w-   c:\documents and settings\jean\Application Data\Registry Mechanic
2011-04-30 22:08 . 2011-04-30 22:21   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-04-30 22:06 . 2011-04-30 22:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2011-04-30 03:38 . 2011-04-30 03:38   388096   ----a-r-   c:\documents and settings\jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 03:38 . 2011-04-30 03:38   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12 . 2011-04-30 00:12   --------   d-----w-   c:\documents and settings\jean\Application Data\ElevatedDiagnostics
2011-04-29 16:26 . 2010-11-09 21:56   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26 . 2010-11-09 21:56   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26 . 2011-04-29 21:55   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38 . 2011-04-29 22:22   --------   d-----w-   c:\documents and settings\jean\Application Data\Sammsoft
2011-04-28 18:45 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74E3AE5D-3C52-427C-9C46-5E750493CAD6}\mpengine.dll
2011-04-27 00:36 . 2011-04-27 00:36   --------   d-----w-   c:\program files\MSN Toolbar
2011-04-27 00:35 . 2011-04-27 00:37   --------   d-----w-   c:\program files\Bing Bar Installer
2011-04-26 21:21 . 2011-04-28 18:54   --------   d-----w-   C:\KodakESS
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-23 00:31 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-23 00:31 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-04-23 00:31 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-23 00:31 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-04-23 00:31 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-23 00:31 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-22 17:44 . 2011-04-22 17:44   --------   d-----w-   C:\ea
2011-04-22 16:22 . 2011-04-22 16:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-04-22 02:50 . 2011-04-22 02:57   --------   d-----w-   c:\documents and settings\Administrator.JEAN-C7D733DC67
2011-04-22 02:22 . 2011-04-22 02:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-04-21 05:20 . 2011-04-22 04:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-21 03:43 . 2010-10-14 05:28   141792   ----a-w-   c:\windows\system32\mfevtps.exe
2011-04-19 14:10 . 2011-04-19 14:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-19 09:45 . 2011-04-19 09:45   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-18 21:35 . 2011-04-18 21:35   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Windows Search
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-18 04:57 . 2011-04-18 04:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-17 08:33 . 2011-04-17 08:33   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:28 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-29 15:28 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 07:04 . 2010-07-25 08:44   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-07-24 18:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 18:56   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11 . 2010-07-24 18:52   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2010-07-24 18:32   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-18 17:53 . 2011-04-23 00:31   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17   207424   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10   103720   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21   2213160   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-10 00:24   13923432   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 09:58   718208   ----a-w-   c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uPlayer\\uPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 9:26 AM 98392]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/20/2011 8:43 PM 141792]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-05-01 c:\windows\Tasks\User_Feed_Synchronization-{855DB549-3D9B-4374-BA93-A82531A84B8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\jean\Application Data\Mozilla\Firefox\Profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-01 14:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x866CE532
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-01  14:25:33
ComboFix-quarantined-files.txt  2011-05-01 21:25
.
Pre-Run: 65,909,460,992 bytes free
Post-Run: 66,593,366,016 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A3E369BE272874B030E534892CB14631
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 01, 2011, 04:07:48 PM
Continue as follows :-

Please read carefully and follow these steps.
Let me see the log in next reply...

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 04:31:52 PM
I am getting an error message: TDSS must close....do I want to report....
I went back and turned off all security programs, but it will only go to 80%.
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 01, 2011, 04:53:39 PM
Run it from Safe Mode
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 05:23:33 PM
I tried, get the same message.

By the way, a Rundll error I hadn't mentioned has been fixed. : )
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 01, 2011, 05:29:38 PM
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save to your desktop.

Double click aswMBR.exe to run it; Windows 7 or Vista users right click and select "Run as Administrator", and accept any alerts.

Click the "Scan" button to start the scan
(http://public.avast.com/~gmerek/aswMBR1.png)

On completion of the scan click "Save log", save it to your desktop and post it in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 01, 2011, 05:45:28 PM
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 16:42:11
-----------------------------
16:42:11.234    OS Version: Windows 5.1.2600 Service Pack 3
16:42:11.234    Number of processors: 1 586 0xC00
16:42:11.234    ComputerName: JEAN-C7D733DC67  UserName: jean
16:42:11.875    Initialize success
16:42:23.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:42:23.250    Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
16:42:23.250    Device \Driver\atapi -> DriverStartIo 866d2532
16:42:25.250    Disk 0 MBR read successfully
16:42:25.250    Disk 0 MBR scan
16:42:25.250    Disk 0 TDL4@MBR code has been found
16:42:25.250    Disk 0 Windows XP default MBR code found via API
16:42:25.250    Disk 0 MBR hidden
16:42:25.250    Disk 0 MBR [TDL4]  **ROOTKIT**
16:42:25.250    Disk 0 trace - called modules:
16:42:25.250    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866d26e7]<<
16:42:25.250    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86785ab8]
16:42:25.250    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\00000060[0x86766198]
16:42:25.250    5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> [0x86786940]
16:42:25.750    \Driver\atapi[0x86753030] -> IRP_MJ_CREATE -> 0x866d26e7
16:42:25.750    Scan finished successfully
16:43:18.968    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jean\Desktop\MBR.dat"
16:43:19.000    The log file has been saved successfully to "C:\Documents and Settings\jean\Desktop\aswMBR.txt"


Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 02, 2011, 12:33:58 AM
Hiya addictedtolabs,

As follows please...

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix for TDL4

(http://public.avast.com/~gmerek/aswMBR3.png)

Save the log as before and post in your next reply,

Kevin.
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 02, 2011, 09:36:56 AM
Should I have my security system turned off during these scans?
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 02, 2011, 10:13:23 AM
Hi
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 09:06:44
-----------------------------
09:06:44.953    OS Version: Windows 5.1.2600 Service Pack 3
09:06:44.953    Number of processors: 1 586 0xC00
09:06:44.953    ComputerName: JEAN-C7D733DC67  UserName: jean
09:06:47.921    Initialize success
09:06:51.796    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:06:51.796    Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
09:06:51.812    Device \Driver\atapi -> DriverStartIo 866ce532
09:06:53.906    Disk 0 MBR read successfully
09:06:53.906    Disk 0 MBR scan
09:06:53.906    Disk 0 TDL4@MBR code has been found
09:06:53.906    Disk 0 Windows XP default MBR code found via API
09:06:53.906    Disk 0 MBR hidden
09:06:53.906    Disk 0 MBR [TDL4]  **ROOTKIT**
09:06:53.906    Disk 0 trace - called modules:
09:06:53.906    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866ce6e7]<<
09:06:53.906    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8672aab8]
09:06:53.906    3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\00000060[0x8678cf18]
09:06:53.906    5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> [0x86786940]
09:06:54.343    \Driver\atapi[0x86758ab0] -> IRP_MJ_CREATE -> 0x866ce6e7
09:06:54.343    Scan finished successfully
09:07:09.421    Disk 0 fixing MBR
09:07:19.421    Disk 0 MBR restored successfully
09:07:19.421    Infection fixed successfully - please reboot ASAP
09:07:51.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jean\Desktop\MBR.dat"
09:07:52.093    The log file has been saved successfully to "C:\Documents and Settings\jean\Desktop\aswMBR.txt"


Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 02, 2011, 12:42:08 PM
Hiya addictedtolabs,

Run the following scan please:

We need to see some additional information about what is happening in your machine.
Please perform the following scan:

1. DDS.txt
2. Attach.txt
(http://i270.photobucket.com/albums/jj116/Bugbatter2/DDS.jpg)

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html)

Let me see the two logs produced by DDS, also give update on any issues or concerns that you have...

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 02, 2011, 03:12:01 PM
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/24/2010 11:41:41 AM
System Uptime: 5/2/2011 10:39:55 AM (4 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | Salmon
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 754 | 2411/200mhz



.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by jean at 14:02:51.43 on Mon 05/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.561 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jean\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.dmtc.com/live/AxisCamControl.ocx
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jean\applic~1\mozilla\firefox\profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl33c21423;MpKsl33c21423;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9b0e219-631a-4640-a54e-b19428303c08}\MpKsl33c21423.sys [2011-5-2 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 98392]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-20 141792]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\mpksl1c95646b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b7debab-0a7a-4532-b565-ddc974a80d2c}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\mpksl1f94acea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f017568-541e-40b4-9986-7628a4d94c31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\mpksl70de0823.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee21ba05-135c-4225-9ab5-b7b79fb5e6fd}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\mpksl7e6d7dc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0c13cf9-8f0c-4cd0-ba74-6af97e04a0c4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\mpkslfd2991ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a77f779f-f6ff-4bae-9daf-c5f4858a5ad9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz132;cpuz132;\??\c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jean\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2011-05-02 18:16:20   29544   ----a-w-   c:\program files\mozilla firefox\plugins\np_gp.dll
2011-05-02 17:40:22   28752   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b9b0e219-631a-4640-a54e-b19428303c08}\MpKsl33c21423.sys
2011-05-02 16:37:13   7071056   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b9b0e219-631a-4640-a54e-b19428303c08}\mpengine.dll
2011-05-01 17:32:05   --------   d-sha-r-   C:\cmdcons
2011-05-01 17:21:48   98816   ----a-w-   c:\windows\sed.exe
2011-05-01 17:21:48   89088   ----a-w-   c:\windows\MBR.exe
2011-05-01 17:21:48   256512   ----a-w-   c:\windows\PEV.exe
2011-05-01 17:21:48   161792   ----a-w-   c:\windows\SWREG.exe
2011-05-01 06:46:09   --------   d-----w-   c:\docume~1\jean\applic~1\Malwarebytes
2011-05-01 06:45:55   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45:54   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-01 06:45:51   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:14:45   --------   d-----w-   c:\docume~1\jean\applic~1\Registry Mechanic
2011-04-30 22:06:37   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-30 03:38:29   388096   ----a-r-   c:\docume~1\jean\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-30 03:38:27   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12:54   --------   d-----w-   c:\docume~1\jean\applic~1\ElevatedDiagnostics
2011-04-29 16:26:45   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26:45   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26:33   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38:51   --------   d-----w-   c:\docume~1\jean\applic~1\Sammsoft
2011-04-27 00:36:39   --------   d-----w-   c:\program files\MSN Toolbar
2011-04-27 00:35:54   --------   d-----w-   c:\program files\Bing Bar Installer
2011-04-26 21:21:11   --------   d-----w-   C:\KodakESS
2011-04-26 21:00:55   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00:48   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Applications
2011-04-23 00:31:54   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-23 00:31:45   781272   ----a-w-   c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-23 00:31:45   1874904   ----a-w-   c:\program files\mozilla firefox\mozjs.dll
2011-04-23 00:31:45   15832   ----a-w-   c:\program files\mozilla firefox\mozalloc.dll
2011-04-23 00:31:44   728024   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
2011-04-23 00:31:44   1893336   ----a-w-   c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-23 00:31:44   142296   ----a-w-   c:\program files\mozilla firefox\libEGL.dll
2011-04-23 00:31:43   1975768   ----a-w-   c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-22 17:44:24   --------   d-----w-   C:\ea
2011-04-22 02:25:26   --------   d-----w-   c:\windows\pss
2011-04-21 05:20:40   --------   d-----w-   c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-04-21 03:43:36   141792   ----a-w-   c:\windows\system32\mfevtps.exe
.
==================== Find3M  ====================
.
2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06:29   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-13 20:09:46   232968   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2011-02-13 20:09:46   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2011-02-13 20:09:44   232968   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11:20   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35   2067456   ----a-w-   c:\windows\system32\mstscax.dll
.
============= FINISH: 14:03:29.50 ===============

.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 62.759 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 114.873 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP313: 2/20/2011 11:14:34 PM - Software Distribution Service 3.0
RP314: 2/21/2011 11:55:26 PM - System Checkpoint
RP315: 2/22/2011 2:57:10 PM - Software Distribution Service 3.0
RP316: 2/23/2011 3:55:25 PM - System Checkpoint
RP317: 2/23/2011 4:32:06 PM - Software Distribution Service 3.0
RP318: 2/23/2011 4:43:28 PM - Software Distribution Service 3.0
RP319: 2/24/2011 4:38:26 PM - Software Distribution Service 3.0
RP320: 2/25/2011 4:38:32 PM - Software Distribution Service 3.0
RP321: 2/26/2011 4:38:39 PM - Software Distribution Service 3.0
RP322: 2/27/2011 1:54:48 AM - Software Distribution Service 3.0
RP323: 2/28/2011 2:05:02 AM - System Checkpoint
RP324: 2/28/2011 1:06:47 PM - Software Distribution Service 3.0
RP325: 3/1/2011 1:06:46 PM - Software Distribution Service 3.0
RP326: 3/2/2011 1:07:33 PM - Software Distribution Service 3.0
RP327: 3/3/2011 1:06:45 PM - Software Distribution Service 3.0
RP328: 3/4/2011 1:06:40 PM - Software Distribution Service 3.0
RP329: 3/5/2011 1:21:28 PM - System Checkpoint
RP330: 3/6/2011 1:50:21 AM - Software Distribution Service 3.0
RP331: 3/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP332: 3/7/2011 3:20:11 AM - System Checkpoint
RP333: 3/7/2011 3:22:03 AM - Software Distribution Service 3.0
RP334: 3/8/2011 3:21:56 AM - Software Distribution Service 3.0
RP335: 3/9/2011 3:00:17 AM - Software Distribution Service 3.0
RP336: 3/9/2011 3:22:06 AM - Software Distribution Service 3.0
RP337: 3/10/2011 3:21:59 AM - Software Distribution Service 3.0
RP338: 3/11/2011 3:22:05 AM - Software Distribution Service 3.0
RP339: 3/12/2011 3:21:57 AM - Software Distribution Service 3.0
RP340: 3/13/2011 2:33:12 AM - Software Distribution Service 3.0
RP341: 3/14/2011 3:20:04 AM - System Checkpoint
RP342: 3/14/2011 3:21:51 AM - Software Distribution Service 3.0
RP343: 3/15/2011 3:22:06 AM - Software Distribution Service 3.0
RP344: 3/16/2011 3:21:55 AM - Software Distribution Service 3.0
RP345: 3/17/2011 3:35:17 AM - System Checkpoint
RP346: 3/17/2011 12:36:52 PM - Software Distribution Service 3.0
RP347: 3/18/2011 12:36:47 PM - Software Distribution Service 3.0
RP348: 3/19/2011 12:36:32 PM - Software Distribution Service 3.0
RP349: 3/20/2011 2:00:29 AM - Software Distribution Service 3.0
RP350: 3/20/2011 12:36:38 PM - Software Distribution Service 3.0
RP351: 3/21/2011 8:53:43 AM - Removed Adobe Reader 9.4.2.
RP352: 3/21/2011 8:54:09 AM - Installed Adobe Reader X (10.0.1).
RP353: 3/22/2011 9:20:23 AM - System Checkpoint
RP354: 3/22/2011 9:22:21 AM - Software Distribution Service 3.0
RP355: 3/23/2011 9:22:06 AM - Software Distribution Service 3.0
RP356: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0
RP357: 3/24/2011 12:57:26 PM - Software Distribution Service 3.0
RP358: 3/25/2011 12:44:55 PM - Software Distribution Service 3.0
RP359: 3/26/2011 12:44:50 PM - Software Distribution Service 3.0
RP360: 3/27/2011 2:01:33 AM - Software Distribution Service 3.0
RP361: 3/27/2011 12:44:42 PM - Software Distribution Service 3.0
RP362: 3/28/2011 12:45:10 PM - Software Distribution Service 3.0
RP363: 3/29/2011 12:45:06 PM - Software Distribution Service 3.0
RP364: 3/30/2011 12:44:54 PM - Software Distribution Service 3.0
RP365: 3/31/2011 12:44:45 PM - Software Distribution Service 3.0
RP366: 4/1/2011 1:37:07 PM - System Checkpoint
RP367: 4/2/2011 9:39:02 AM - Software Distribution Service 3.0
RP368: 4/3/2011 1:58:35 AM - Software Distribution Service 3.0
RP369: 4/3/2011 9:38:58 AM - Software Distribution Service 3.0
RP370: 4/4/2011 9:38:47 AM - Software Distribution Service 3.0
RP371: 4/5/2011 9:38:51 AM - Software Distribution Service 3.0
RP372: 4/6/2011 9:38:52 AM - Software Distribution Service 3.0
RP373: 4/7/2011 9:38:53 AM - Software Distribution Service 3.0
RP374: 4/8/2011 9:38:50 AM - Software Distribution Service 3.0
RP375: 4/9/2011 9:38:51 AM - Software Distribution Service 3.0
RP376: 4/10/2011 1:58:49 AM - Software Distribution Service 3.0
RP377: 4/10/2011 9:38:58 AM - Software Distribution Service 3.0
RP378: 4/11/2011 9:39:00 AM - Software Distribution Service 3.0
RP379: 4/12/2011 9:38:40 AM - Software Distribution Service 3.0
RP380: 4/13/2011 3:00:19 AM - Software Distribution Service 3.0
RP381: 4/14/2011 3:27:59 AM - System Checkpoint
RP382: 4/14/2011 3:30:19 AM - Software Distribution Service 3.0
RP383: 4/15/2011 3:30:20 AM - Software Distribution Service 3.0
RP384: 4/16/2011 3:58:46 AM - System Checkpoint
RP385: 4/16/2011 7:44:14 PM - Restore Operation
RP386: 4/16/2011 7:46:39 PM - Restore Operation
RP387: 4/17/2011 8:22:13 PM - System Checkpoint
RP388: 4/18/2011 10:00:53 AM - Restore Operation
RP389: 4/18/2011 10:19:13 AM - Restore Operation
RP390: 4/18/2011 10:22:09 AM - Removed Clean Run Magazine - August 2009
RP391: 4/19/2011 10:23:19 AM - System Checkpoint
RP392: 4/20/2011 11:14:31 AM - System Checkpoint
RP393: 4/20/2011 10:20:32 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP394: 4/21/2011 3:59:55 PM - Restore Operation
RP395: 4/21/2011 9:20:04 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP396: 4/25/2011 4:46:34 AM - System Checkpoint
RP397: 4/26/2011 2:00:54 PM - Installed Microsoft Easy Assist v2
RP398: 4/27/2011 8:09:12 PM - System Checkpoint
RP399: 4/28/2011 1:25:16 PM - Installed Microsoft Fix it 50362
RP400: 4/29/2011 8:38:30 AM - ARO 2011 - Before Installation
RP401: 4/29/2011 8:39:00 AM - ARO 2011 - FIRST RUN
RP402: 4/29/2011 9:08:35 AM - Installed Microsoft Fix it 50202
RP403: 4/29/2011 8:38:26 PM - Installed HiJackThis
RP404: 4/30/2011 10:33:21 PM - System Checkpoint
RP405: 5/1/2011 4:53:58 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Amazon Kindle For PC
Any Video Converter 3.1.6
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Bing Bar
Bing Bar Platform
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon i860
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Definition update for Microsoft Office 2010 (KB982726)
Driver Detective
Foxit Creator
Foxit Reader
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ieSpell
Internet Explorer (Enable DEP)
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Easy Assist v2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OverDrive Media Console
PhotoStitch
QuickTime
RAW Image Task
RemoteCapture Task
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sony USB Driver
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VLC media player 1.1.7
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
WinRAR archiver
Xvid 1.1.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
5/1/2011 9:54:13 AM, error: Print [6161]  - The document http://spywarehammer.com/simplemachinesforum/index.php?topic=10 owned by jean failed to print on printer Canon i860. Data type: NT EMF 1.008. Size of the spool file in bytes: 7340032. Number of bytes printed: 993404. Total number of pages in the document: 22. Number of pages printed: 2. Client machine: \\JEAN-C7D733DC67. Win32 error code returned by the print processor: 122 (0x7a).
5/1/2011 9:26:06 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
5/1/2011 7:29:27 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
5/1/2011 4:12:48 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/30/2011 5:27:00 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: http://www.microsoft.com    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072efe    Error description: The connection with the server was terminated abnormally
4/30/2011 11:58:15 PM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7034]  - The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:44 PM, error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The ArcSoft Connect Daemon service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7034]  - The Agere Modem Call Progress Audio service terminated unexpectedly.  It has done this 1 time(s).
4/30/2011 11:13:43 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/29/2011 3:30:26 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.623.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:45:51 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:42:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6802.0&avdelta=1.103.290.0&asdelta=1.103.290.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: JEAN-C7D733DC67\jean    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80072f76    Error description: The requested header was not found
4/28/2011 11:41:40 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/27/2011 7:57:43 AM, error: Dhcp [1002]  - The IP address lease 72.220.58.4 for the Network Card with network address 0011D82DCB66 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/27/2011 7:39:59 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/27/2011 6:57:44 AM, error: BROWSER [8007]  - The browser was unable to update the service status bits.  The data is the error.
4/26/2011 9:23:07 PM, error: Service Control Manager [7023]  - The srv774 service terminated with the following error:  The specified module could not be found.
4/26/2011 4:08:07 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:38 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:06:03 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 4:05:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
4/26/2011 10:39:36 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/26/2011 10:36:01 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.103.290.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.6802.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 02, 2011, 03:52:25 PM
Hiya addictedtolabs


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the log from Malwarebytes, also tell me if you have any remaining issues or concerns...

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 02, 2011, 05:04:02 PM
 :p
Does this mean we are fixed!!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6493

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/2/2011 3:58:19 PM
mbam-log-2011-05-02 (15-58-19).txt

Scan type: Quick scan
Objects scanned: 158923
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 02, 2011, 05:10:20 PM
How is your system responding, any issues?
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 02, 2011, 06:36:58 PM
 :ty
Unbelievable, 2 weeks of frustration and we are up and running. Can't thank you enough. Kody and Bailey are very relieved.
Cheers,
Jean
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 03, 2011, 01:07:06 AM
Hiya Jean,

Not quite finished; there are remnants from old security programs running on your system: McAfee, Stopzilla, Registry Mechanic and Vipre. These may cause issues with your own security programs.

As follows please:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:

KillAll::
DirLook::
C:\ea
File::
c:\windows\system32\mfevtps.exe
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\system32\sbbd.exe
c:\windows\system32\drivers\mfehidk.sys
c:\windows\system32\mfevtps.exe
Folder::
c:\docume~1\jean\applic~1\Registry Mechanic
c:\docume~1\alluse~1\applic~1\PC Tools
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\jean\applic~1\ElevatedDiagnostics
Driver::
mfehidk
mfevtp

Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

(http://i121.photobucket.com/albums/o239/kevinf80/CF3.jpg)

(http://i121.photobucket.com/albums/o239/kevinf80/CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

If you have no remaining issues we'll clean up and remove all tools we have used in the next post...

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 03, 2011, 11:40:39 AM
I hope I did this correctly... had a hard time, forgot I renamed ComboFix, then could get file to move...

ComboFix 11-05-02.04 - jean 05/03/2011  10:18:56.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.494 [GMT -7:00]
Running from: c:\documents and settings\jean\Desktop\Gotcha.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-03 to 2011-05-03  )))))))))))))))))))))))))))))))
.
.
2011-05-03 16:56 . 2011-05-03 16:56   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys
2011-05-03 16:56 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\mpengine.dll
2011-05-03 16:00 . 2011-05-03 16:00   --------   d-----w-   c:\windows\LastGood
2011-05-01 06:46 . 2011-05-01 06:46   --------   d-----w-   c:\documents and settings\jean\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45 . 2011-05-02 22:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:14 . 2011-04-30 22:14   --------   d-----w-   c:\documents and settings\jean\Application Data\Registry Mechanic
2011-04-30 22:08 . 2011-04-30 22:21   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-04-30 22:06 . 2011-04-30 22:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2011-04-30 03:38 . 2011-04-30 03:38   388096   ----a-r-   c:\documents and settings\jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 03:38 . 2011-04-30 03:38   --------   d-----w-   c:\program files\Trend Micro
2011-04-30 00:12 . 2011-04-30 00:12   --------   d-----w-   c:\documents and settings\jean\Application Data\ElevatedDiagnostics
2011-04-29 16:26 . 2010-11-09 21:56   98392   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2011-04-29 16:26 . 2010-11-09 21:56   27984   ----a-w-   c:\windows\system32\sbbd.exe
2011-04-29 16:26 . 2011-04-29 21:55   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38 . 2011-04-29 22:22   --------   d-----w-   c:\documents and settings\jean\Application Data\Sammsoft
2011-04-26 21:21 . 2011-04-28 18:54   --------   d-----w-   C:\KodakESS
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-23 00:31 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-23 00:31 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-04-23 00:31 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-23 00:31 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-04-23 00:31 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-23 00:31 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-22 17:44 . 2011-04-22 17:44   --------   d-----w-   C:\ea
2011-04-22 16:22 . 2011-04-22 16:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-04-22 02:50 . 2011-04-22 02:57   --------   d-----w-   c:\documents and settings\Administrator.JEAN-C7D733DC67
2011-04-22 02:22 . 2011-04-22 02:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-04-21 05:20 . 2011-04-22 04:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-21 03:43 . 2010-10-14 05:28   141792   ----a-w-   c:\windows\system32\mfevtps.exe
2011-04-19 14:10 . 2011-04-19 14:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-19 09:45 . 2011-04-19 09:45   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-18 21:35 . 2011-04-18 21:35   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Windows Search
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-18 04:57 . 2011-04-18 04:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-17 08:33 . 2011-04-17 08:33   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:28 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-29 15:28 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 07:04 . 2010-07-25 08:44   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-07-24 18:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 18:56   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11 . 2010-07-24 18:52   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-03-18 17:53 . 2011-04-23 00:31   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-01_21.22.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-28 04:37 . 2011-05-03 16:03   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-07-28 04:37 . 2011-02-20 11:00   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-21 23:04 . 2011-05-02 18:16   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
- 2011-04-21 23:04 . 2011-04-21 23:04   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-21 23:04 . 2011-05-02 18:16   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
- 2011-04-21 23:04 . 2011-04-21 23:04   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-05-03 16:02 . 2011-05-03 16:02   200192              c:\windows\Installer\3587c8b.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   988160              c:\windows\Installer\3587c85.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   20314624              c:\windows\Installer\3587c96.msp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17   207424   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10   103720   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21   2213160   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-10 00:24   13923432   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 09:58   718208   ----a-w-   c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uPlayer\\uPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl1f58280b;MpKsl1f58280b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys [5/3/2011 9:56 AM 28752]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 9:26 AM 98392]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1F58280B
*NewlyCreated* - MPKSLE330359E
*NewlyCreated* - SEAPORT
*Deregistered* - MpKsle330359e
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{855DB549-3D9B-4374-BA93-A82531A84B8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\jean\Application Data\Mozilla\Firefox\Profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 10:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2636)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-03  10:25:47
ComboFix-quarantined-files.txt  2011-05-03 17:25
ComboFix2.txt  2011-05-02 16:34
ComboFix3.txt  2011-05-01 21:25
.
Pre-Run: 67,339,059,200 bytes free
Post-Run: 67,365,675,008 bytes free
.
- - End Of File - - 1FAE685C686DF1F93572B6F5A6D7C127
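The log above ends with the detail a malware-removal helper looks for first: a svchost-hosted service, srv774, whose ServiceDll is a .tmp file in the user's Temp directory, referenced through a \\?\globalroot device path rather than a drive letter, listed in the NetSvcs group and registered under SafeBoot\Minimal, on a machine whose Windows Firewall is switched off with its notifications suppressed. The following Python is an added example, not code from the thread, the helper or ComboFix: it parses lines in ComboFix's report format and flags those indicators. The sample log is constructed from the entries above (the Dnscache line is an added normal-looking control for contrast), and the ServiceDll heuristics are assumptions about what a legitimate service DLL path looks like, not a signature for any particular family.

```python
import re
from typing import Dict, List

# Constructed sample in ComboFix's report format, modelled on the log posted above.
# The srv774 service, its ServiceDll value and the firewall values are copied from
# that log; the Dnscache entry is an added control that should not be flagged.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"servicedll"="c:\windows\system32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
"""

# Line shapes ComboFix uses for the sections we care about.
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$", re.I)
SAFEBOOT_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\([^\\\]]+)\]$", re.I)
SERVICEDLL_VALUE = re.compile(r'^"servicedll"="(.*)"$', re.I)
FIREWALL_KEY = re.compile(r"firewallpolicy\\standardprofile\]$", re.I)
FIREWALL_VALUE = re.compile(r'^"(EnableFirewall|DisableNotifications)"=\s*(\d+)', re.I)
NETSVCS_HEADER = re.compile(r"CurrentVersion\\Svchost\s+-\s+NetSvcs$", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)


def service_dll_reasons(path: str) -> List[str]:
    """Heuristic reasons (assumed, not a vendor signature) why a ServiceDll path is suspicious."""
    reasons = []
    low = path.lower()
    if low.startswith(("\\\\?\\globalroot\\", "\\??\\globalroot\\")):
        reasons.append("referenced through an NT device path (\\\\?\\globalroot) instead of a drive letter")
    if TEMP_DIR.search(path):
        reasons.append("located in a Temp directory")
    if not low.endswith(".dll"):
        reasons.append("does not carry a .dll extension")
    return reasons


def analyze(log_text: str) -> Dict[str, object]:
    """Walk a ComboFix report and collect the firewall, NetSvcs, ServiceDll and SafeBoot indicators."""
    firewall: Dict[str, int] = {}
    netsvcs: List[str] = []
    safeboot: List[str] = []
    suspicious: Dict[str, List[str]] = {}
    state = None            # section we are currently inside
    current_service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            state = None        # ComboFix separates sections with a lone "."
            continue
        if FIREWALL_KEY.search(line):
            state = "firewall"
            continue
        if NETSVCS_HEADER.search(line):
            state = "netsvcs"
            continue
        m = SERVICE_KEY.match(line)
        if m:
            state, current_service = "service", m.group(1)
            continue
        m = SAFEBOOT_KEY.match(line)
        if m:
            safeboot.append(m.group(1))
            state = None
            continue
        if state == "firewall":
            m = FIREWALL_VALUE.match(line)
            if m:
                firewall[m.group(1)] = int(m.group(2))
        elif state == "netsvcs":
            netsvcs.append(line)            # one group member per line
        elif state == "service":
            m = SERVICEDLL_VALUE.match(line)
            if m:
                reasons = service_dll_reasons(m.group(1))
                if reasons:
                    suspicious[current_service] = reasons
    # A flagged service that is also registered under SafeBoot\Minimal keeps
    # running in Safe Mode, so it is reported separately.
    safe_mode_persistent = sorted(s for s in suspicious if s in safeboot)
    return {
        "firewall_disabled": firewall.get("EnableFirewall") == 0,
        "firewall_notifications_suppressed": firewall.get("DisableNotifications") == 1,
        "netsvcs_members": netsvcs,
        "suspicious_services": suspicious,
        "safe_mode_persistent": safe_mode_persistent,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved ComboFix.txt by passing the file's contents to analyze(); the NetSvcs list is reported as-is so the reader can compare it against the machine's known services, since the parser deliberately does not hard-code a whitelist of Windows group members.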
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 03, 2011, 01:05:19 PM
Hi Jean,

You got that part wrong, go back to post 24. The instruction asks you to open Notepad and copy and paste the script from the code box into Notepad, then save it as CFScript.txt, with Type: All Files (*.*), in the same location as ComboFix.exe (Gotcha.exe), which is the Desktop. Next, drag the text file by left-clicking on it and holding the mouse button down, drag and drop it on top of ComboFix (Gotcha), then release the mouse button.
Go back to post 24 and follow the instructions... Any problems, let me know.

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 03, 2011, 01:49:08 PM
Trying again

ComboFix 11-05-02.04 - jean 05/03/2011  12:20:56.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.629 [GMT -7:00]
Running from: c:\documents and settings\jean\Desktop\Gotcha.exe
Command switches used :: c:\documents and settings\jean\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\mfehidk.sys"
"c:\windows\system32\drivers\SBREDrv.sys"
"c:\windows\system32\mfevtps.exe"
"c:\windows\system32\sbbd.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\alluse~1\applic~1\PC Tools
c:\docume~1\alluse~1\applic~1\PC Tools\DownloadManager\Registry Mechanic10.0\rminstall_revwire207_aff_dl.exe
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db.bak
c:\docume~1\alluse~1\applic~1\STOPzilla!\scanner.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\userdata.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-000.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-001.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-002.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-003.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-004.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-005.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-006.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-007.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-008.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-009.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-010.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-011.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-012.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-013.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-014.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-015.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-016.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-017.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-018.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-019.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-020.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-021.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-022.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-023.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-024.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-025.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-026.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-027.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-028.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-029.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-030.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-031.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-032.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-033.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-034.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-035.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-036.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-037.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-038.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-039.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-040.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-041.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-042.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-043.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-044.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-045.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-046.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-047.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-048.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-049.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-050.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-051.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-052.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-053.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-054.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-055.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-056.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-057.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-058.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-059.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-060.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-061.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-062.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-063.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-064.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-065.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-066.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-067.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-068.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-069.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-070.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-071.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-072.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-073.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-074.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-075.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-076.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-077.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-078.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-079.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-080.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-081.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-082.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-083.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-084.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-085.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vb-086.vdb
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vbcorent.dll
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\vdb.xml
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\xml_edk.log-1
c:\docume~1\alluse~1\applic~1\STOPzilla!\vdb\xml_edk.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\zilla5.log
c:\docume~1\jean\applic~1\ElevatedDiagnostics
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\DIAG_WindowsFirewallDiagnostic.0.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\DIAG_WindowsFirewallDiagnostic.0.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ElevatedDiagnostics\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\latest.cab
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\2011043000.000\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2035183873\latest.cab
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\DIAG_IEPerformanceDiagnostic.0.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\DIAG_IEPerformanceDiagnostic.1.debugreport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ElevatedDiagnostics\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\CHECK.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\COLLAPSE.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\ERROR.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\EXPAND.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\INFO.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\PRINT.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\Images\WARNING.PNG
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\latest.cab
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\ResultReport.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\results.xml
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\2011043000.000\results.xsl
c:\docume~1\jean\applic~1\ElevatedDiagnostics\2420869180\latest.cab
c:\docume~1\jean\applic~1\Registry Mechanic
c:\docume~1\jean\applic~1\Registry Mechanic\log\pgscan_04.30.2011_15.14.45.html
c:\docume~1\jean\applic~1\Registry Mechanic\log\pgscan_04.30.2011_15.16.43.html
c:\docume~1\jean\applic~1\Registry Mechanic\SystemReport.txt
c:\windows\system32\drivers\mfehidk.sys
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\system32\mfevtps.exe
c:\windows\system32\sbbd.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MFEHIDK
-------\Legacy_MFEVTP
-------\Service_mfehidk
-------\Service_mfevtp
-------\Legacy_SBRE
-------\Service_SBRE
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-03 to 2011-05-03  )))))))))))))))))))))))))))))))
.
.
2011-05-03 19:13 . 2011-05-03 19:13   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069FC840-DA24-42A0-81CB-9AC66425B393}\MpKsl32b0c0d8.sys
2011-05-03 17:30 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069FC840-DA24-42A0-81CB-9AC66425B393}\mpengine.dll
2011-05-01 06:46 . 2011-05-01 06:46   --------   d-----w-   c:\documents and settings\jean\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 06:45 . 2011-05-01 06:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-01 06:45 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-01 06:45 . 2011-05-02 22:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-04-30 22:08 . 2011-04-30 22:21   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2011-04-30 03:38 . 2011-04-30 03:38   388096   ----a-r-   c:\documents and settings\jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 03:38 . 2011-04-30 03:38   --------   d-----w-   c:\program files\Trend Micro
2011-04-29 16:26 . 2011-04-29 21:55   --------   d-----w-   C:\VIPRERESCUE
2011-04-29 15:38 . 2011-04-29 22:22   --------   d-----w-   c:\documents and settings\jean\Application Data\Sammsoft
2011-04-26 21:21 . 2011-04-28 18:54   --------   d-----w-   C:\KodakESS
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\program files\Microsoft Easy Assist
2011-04-26 21:00 . 2011-04-26 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Applications
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-23 00:31 . 2011-03-18 17:53   781272   ----a-w-   c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-23 00:31 . 2011-03-18 17:53   1874904   ----a-w-   c:\program files\Mozilla Firefox\mozjs.dll
2011-04-23 00:31 . 2011-03-18 17:53   15832   ----a-w-   c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-23 00:31 . 2011-03-18 17:53   728024   ----a-w-   c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-23 00:31 . 2011-03-18 17:53   142296   ----a-w-   c:\program files\Mozilla Firefox\libEGL.dll
2011-04-23 00:31 . 2011-03-18 17:53   1893336   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-23 00:31 . 2011-03-18 17:53   1975768   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-22 17:44 . 2011-04-22 17:44   --------   d-----w-   C:\ea
2011-04-22 16:22 . 2011-04-22 16:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-04-22 02:50 . 2011-04-22 02:57   --------   d-----w-   c:\documents and settings\Administrator.JEAN-C7D733DC67
2011-04-22 02:22 . 2011-04-22 02:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2011-04-19 14:10 . 2011-04-19 14:10   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-04-19 09:45 . 2011-04-19 09:45   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-04-18 21:35 . 2011-04-18 21:35   --------   d-----w-   c:\windows\system32\config\systemprofile\Application Data\Windows Search
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-18 20:11 . 2011-04-18 20:11   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-18 04:57 . 2011-04-18 04:57   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2011-04-17 08:33 . 2011-04-17 08:33   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:28 . 2009-08-18 18:30   564632   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-29 15:28 . 2009-08-18 18:24   18328   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 07:04 . 2010-07-25 08:44   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-07-24 18:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-14 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-14 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-07-24 18:56   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-03 01:11 . 2010-07-24 18:52   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-03-18 17:53 . 2011-04-23 00:31   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ea ----
.
2009-03-28 00:01 . 2009-03-28 00:01   288616   ----a-w-   c:\ea\Support_Resources_zh_TW.dll
2009-03-27 23:57 . 2009-03-27 23:57   288104   ----a-w-   c:\ea\Support_Resources_zh_CN.dll
2009-03-27 23:53 . 2009-03-27 23:53   305000   ----a-w-   c:\ea\Support_Resources_sv_SE.dll
2009-03-27 23:49 . 2009-03-27 23:49   308584   ----a-w-   c:\ea\Support_Resources_ru_RU.dll
2009-03-27 23:45 . 2009-03-27 23:45   308584   ----a-w-   c:\ea\Support_Resources_ro_RO.dll
2009-03-27 23:39 . 2009-03-27 23:39   308568   ----a-w-   c:\ea\Support_Resources_pt_PT.dll
2009-03-27 23:35 . 2009-03-27 23:35   308072   ----a-w-   c:\ea\Support_Resources_pt_BR.dll
2009-03-27 23:31 . 2009-03-27 23:31   309592   ----a-w-   c:\ea\Support_Resources_pl_PL.dll
2009-03-27 23:27 . 2009-03-27 23:27   309096   ----a-w-   c:\ea\Support_Resources_nl_NL.dll
2009-03-27 23:23 . 2009-03-27 23:23   304488   ----a-w-   c:\ea\Support_Resources_nb_NO.dll
2009-03-27 23:19 . 2009-03-27 23:19   293224   ----a-w-   c:\ea\Support_Resources_ko_KR.dll
2009-03-27 23:15 . 2009-03-27 23:15   293736   ----a-w-   c:\ea\Support_Resources_ja_JP.dll
2009-03-27 23:11 . 2009-03-27 23:11   309096   ----a-w-   c:\ea\Support_Resources_it_IT.dll
2009-03-27 23:07 . 2009-03-27 23:07   308568   ----a-w-   c:\ea\Support_Resources_hu_HU.dll
2009-03-27 23:03 . 2009-03-27 23:03   311128   ----a-w-   c:\ea\Support_Resources_fr_FR.dll
2009-03-27 22:59 . 2009-03-27 22:59   307560   ----a-w-   c:\ea\Support_Resources_fi_FI.dll
2009-03-27 22:55 . 2009-03-27 22:55   310104   ----a-w-   c:\ea\Support_Resources_es_ES.dll
2009-03-27 22:51 . 2009-03-27 22:51   312680   ----a-w-   c:\ea\Support_Resources_el_GR.dll
2009-03-27 22:47 . 2009-03-27 22:47   311656   ----a-w-   c:\ea\Support_Resources_de_DE.dll
2009-03-27 22:43 . 2009-03-27 22:43   305512   ----a-w-   c:\ea\Support_Resources_da_DK.dll
2009-03-27 22:39 . 2009-03-27 22:39   306536   ----a-w-   c:\ea\Support_Resources_cs_CZ.dll
2009-03-27 22:16 . 2009-03-27 22:16   304984   ----a-w-   c:\ea\Support_Resources_en_US.dll
2009-03-27 22:06 . 2009-03-27 22:06   2730336   ----a-w-   c:\ea\SupportConsole.exe
2009-03-27 22:06 . 2009-03-27 22:06   1449816   ----a-w-   c:\ea\AppShare.dll
2009-03-27 22:06 . 2009-03-27 22:06   920912   ----a-w-   c:\ea\Collaborate.dll
2009-03-27 22:05 . 2009-03-27 22:05   118112   ----a-w-   c:\ea\CollabHook.EA.dll
2009-03-27 22:05 . 2009-03-27 22:05   52552   ----a-w-   c:\ea\AutoScale.dll
2009-03-23 17:30 . 2009-03-23 17:30   848   ----a-w-   c:\ea\supportconsole.exe.manifest
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-05-01_21.22.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-03 19:28 . 2011-05-03 19:28   16384              c:\windows\temp\Perflib_Perfdata_618.dat
- 2010-07-28 04:37 . 2011-02-20 11:00   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-07-28 04:37 . 2011-05-03 16:03   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-21 23:04 . 2011-05-02 18:16   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
- 2011-04-21 23:04 . 2011-04-21 23:04   235168              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-21 23:04 . 2011-05-02 18:16   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
- 2011-04-21 23:04 . 2011-04-21 23:04   311456              c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-05-03 16:02 . 2011-05-03 16:02   200192              c:\windows\Installer\3587c8b.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   988160              c:\windows\Installer\3587c85.msi
+ 2011-05-03 16:02 . 2011-05-03 16:02   20314624              c:\windows\Installer\3587c96.msp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-10 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv774]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49   932288   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45   35736   ----a-w-   c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47   57344   ----a-w-   c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17   207424   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-14 02:10   103720   ----a-w-   c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 21:21   2213160   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-10 00:24   13923432   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 09:58   718208   ----a-w-   c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\uPlayer\\uPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl32b0c0d8;MpKsl32b0c0d8;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069FC840-DA24-42A0-81CB-9AC66425B393}\MpKsl32b0c0d8.sys [5/3/2011 12:13 PM 28752]
S1 MpKsl1c95646b;MpKsl1c95646b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B7DEBAB-0A7A-4532-B565-DDC974A80D2C}\MpKsl1c95646b.sys [?]
S1 MpKsl1f58280b;MpKsl1f58280b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10AC30C-7941-45C9-BFCC-FF83983D66FE}\MpKsl1f58280b.sys [?]
S1 MpKsl1f94acea;MpKsl1f94acea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F017568-541E-40B4-9986-7628A4D94C31}\MpKsl1f94acea.sys [?]
S1 MpKsl70de0823;MpKsl70de0823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE21BA05-135C-4225-9AB5-B7B79FB5E6FD}\MpKsl70de0823.sys [?]
S1 MpKsl7e6d7dc3;MpKsl7e6d7dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0C13CF9-8F0C-4CD0-BA74-6AF97E04A0C4}\MpKsl7e6d7dc3.sys [?]
S1 MpKslfd2991ba;MpKslfd2991ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A77F779F-F6FF-4BAE-9DAF-C5F4858A5AD9}\MpKslfd2991ba.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S2 srv774;srv774;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:00 AM 14336]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 5:03 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
srv774
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 00:03]
.
2011-05-03 c:\windows\Tasks\User_Feed_Synchronization-{855DB549-3D9B-4374-BA93-A82531A84B8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: {F58DE655-19FD-49D7-A154-D3546736BBF9} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\jean\Application Data\Mozilla\Firefox\Profiles\5plrmyj5.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/?.intl=us
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv774]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\DOCUME~1\jean\LOCALS~1\Temp\srv774.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-03  12:43:37 - machine was rebooted
ComboFix-quarantined-files.txt  2011-05-03 19:43
ComboFix2.txt  2011-05-03 17:25
ComboFix3.txt  2011-05-02 16:34
ComboFix4.txt  2011-05-01 21:25
.
Pre-Run: 67,367,596,032 bytes free
Post-Run: 67,200,196,608 bytes free
.
- - End Of File - - FEB3BFB92136B9EEB0F785C9775B3753
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 03, 2011, 02:10:57 PM
How is your system responding, any issues?
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 03, 2011, 05:14:02 PM
Not that I can see. Didn't have printer earlier but rebooted and everything was fine.
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 04, 2011, 01:02:06 AM
Hiya Jean,

If you have no remaining issues proceed as follows :-

Step 1

The above procedure will delete the following:

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2

Step 3

Remove the ESET Online Scanner components from your computer, start the Add or Remove Programs (filename: appwiz.cpl) applet from Control Panel, select the ESET Online Scanner entry and click Remove. This will happen quickly, only re-boot if prompted.

Step 4

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 25.


Let me know if the above steps complete OK, also an update on any issues you may have, if none tell me......

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 04, 2011, 08:51:33 AM
Hi,
I could not find ESET Online Scanner in my Add/Remove Programs or by searching for the file name appwiz.cpl.

Should I also remove Malwarebytes, HijackThis etc.?
In my ADD/Remove is Driver Detective a program which I removed months ago but have not been able to get it off the list.

Thanks,
Jean
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 04, 2011, 09:47:34 AM
Hiya Jean,

You may have already uninstalled ESET if it is not showing in Add/Remove Programs list.  After every scan an option to uninstall ESET Online Scanner with all its components is provided. It is easy, convenient and can be done directly via the graphic user interface by clicking on the corresponding checkbox and hitting the "uninstall on close" button.

How did you uninstall Driver Detective, did you do it via Add/Remove? It does show as still installed in the DDS log. Boot into Safe Mode and uninstall via Start > Control Panel > Add/Remove Programs.
Instructions to boot to Safe Mode Here (http://support.microsoft.com/kb/315222) if required.

I recommend that you keep Malwarebytes free version for twice weekly quick scans and a full scan once every two weeks, or as required. Always remember to update first. If you have a spare £20, upgrade to the professional version; you get realtime protection and auto updates.
It will run with Microsoft Security Essentials without issue.

Regarding HJT, you can uninstall via Add/Remove Programs.

Select the Windows key and R key together, type or copy/paste appwiz.cpl into the open box, press enter or select OK. That will open Add/Remove Programs for you.

Let me know if that helps,

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 05, 2011, 08:31:45 AM
The Driver Detective program does not have a remove option in Add/Remove Programs. I have contacted their CS several times but have had no response. It doesn't seem to be causing any problems so I can let it go for now.

Thank you for all your help and advice.  :b

Cheers,
Jean
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 05, 2011, 09:28:32 AM
Hiya Jean,

Navigate to the folder Start > My Computer > C:\Program Files\Driver Detective. Open the folder and check if there is a file marked as "uninstall" or "unwise". If so, double click on that file.
If that doesn't work, go here http://download.cnet.com/Your-Uninstaller/3000-2096_4-10143715.html (http://download.cnet.com/Your-Uninstaller/3000-2096_4-10143715.html) and d/l and install Your Uninstaller, this is a 21 day trial version. From the main interface select Driver Detective then uninstall, it should remove it for you...

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 05, 2011, 03:48:10 PM
Again thanks.

It wouldn't uninstall even after finding the file but the program you recommended worked.
I will definitely run the bi-weekly scans as you suggested.

Cheers,
Jean

PS where do you get those emoticons, they are fun
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 05, 2011, 11:42:40 PM
Hiya Jean,

Good to hear we finally got the last of your issues resolved. You can remove Your Uninstaller through Add/Remove Programs...

Regarding the emoticons, I'm not sure, you would have to PM one of the Admins for that info...

Here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, so make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol (http://www.winpatrol.com/download.html)  This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here (http://www.winpatrol.com/features.html)

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here (http://secunia.com/vulnerability_scanning/online/?task=load). Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.... (http://i121.photobucket.com/albums/o239/kevinf80/process.gif)
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox (http://www.mozilla.com/en-US/),

Opera (http://www.opera.com/), and

Chrome (http://www.google.com/chrome).

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE (http://www.bleepingcomputer.com/tutorials/tutorial102.html) which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust (http://www.mywot.com/) warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript (http://noscript.net/) helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS (http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm) article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein (http://spywarehammer.com/simplemachinesforum/index.php?topic=398.0)

How to prevent Malware by Miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)

Finally this link HERE (http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software) will give a comprehensive, up to date list of free security programs, to include antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

It was a pleasure to work with you, take care,

Kevin
Title: Re: [Resolved K] Advertising pop up
Post by: addictedtolabs on May 06, 2011, 11:12:27 AM
 :p

Done, I thank you, my fur kids thank you.....have been unemployed for over a year, I am so happy that I don't have to buy a new computer...as I was told by Godzilla tech.

 :b

Cheers,
Jean
Title: Re: [Resolved K] Advertising pop up
Post by: kevinf80 on May 06, 2011, 12:09:48 PM
Since this issue appears to be resolved, the topic has been closed. Glad we could help.  :t

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.