Alright, I'm here for finally finish this. I started in the Windows BSOD, Freezing, Restarting Help section and got sent here, so more info is on that topic over there. I don't know if you wanted me to post a link so I'll leave it at that.
There has been blue screens, black screens, memory dumps, supposively porn pop ups (although I have yet to encounter one). The only pop ups I encountered were when I was trying to do DDS in the 6 steps, it made a lot of pop ups appear for some reason? Also most the time it's very hard to get to the actually desktop. You'll get to welcome and it will black screen and restart. Oh, and no matter what I try I can't get microsofts update to check for updates through their website. Thank you whoever can make a little time.
GMER took forever to run (about half a day) and also had to be done in safemode. It was not fun trying to get it to work.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4794
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10/11/2010 12:40:02 PM
mbam-log-2010-10-11 (12-40-02).txt
Scan type: Quick scan
Objects scanned: 144214
Time elapsed: 15 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7db0a0e2-fd42-43ae-a12a-760dbbc3c876} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\wmpdxm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 23:33:34
Windows 5.1.2600 Service Pack 2
Running: hhgcoi36.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\aflcikob.sys
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\System32\DRIVERS\netbt.sys entry point in ".rsrc" section [0xF746FA14]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A9000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A7000C
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007F000C
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 008D000A
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B4000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B3000C
---- Devices - GMER 1.0.15 ----
Device -> \Driver\atapi \Device\Harddisk0\DR0 83537EC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\DRIVERS\netbt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-11-09.01) - NTFSx86
Run by Becky at 11:11:16.59 on Tue 11/09/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735.478 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Becky\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-system: WallpaperStyle = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: Wallpaper = c:\wp.bmp
IE: &Search - ?p=ZCfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\becky\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\becky\applic~1\mozilla\firefox\profiles\k8y9lwa5.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-17 7168]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100611.003\naveng.sys [2010-6-11 85552]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100611.003\navex15.sys [2010-6-11 1347504]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\xdva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
=============== Created Last 30 ================
2010-10-11 16:12:12 -------- d-----w- c:\docume~1\becky\applic~1\Malwarebytes
2010-10-11 16:12:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 16:12:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 16:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2010-10-11 17:51:11 90112 ----a-w- c:\windows\DUMP8359.tmp
2002-08-29 12:00:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56:46 50688 -csh--w- c:\windows\twain_32.dll
2004-08-04 07:56:42 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56:43 54784 -csha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56:43 413696 --sha-w- c:\windows\system32\msvcp60.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SV4002H rev.QP100-06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83338EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x82ba5872; SUB DWORD [EBP-0x4], 0x82ba512e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83790AB8]
3 CLASSPNP[0xF795005B] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000067[0x837CEF18]
5 ACPI[0xF78C6620] -> nt!IofCallDriver[0x804E37D5] -> [0x8375ED98]
[0x836E6F10] -> IRP_MJ_CREATE -> 0x83338EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SV4002H_________________________QP100-06#33303937314a5246343830383738_0_0_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83338AEA
user & kernel MBR OK
sectors 78242974 (+213): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 11:13:36.40 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-09.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/3/2004 4:19:48 PM
System Uptime: 11/9/2010 11:04:21 AM (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 7VKMP
Processor: AMD Athlon(tm) Processor | Socket-A | 1405/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 37 GiB total, 21.561 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_80\3&61AAA01&0&81
Manufacturer: VIA Technologies
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_80\3&61AAA01&0&81
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET\0000
Service: avpnnic
==== System Restore Points ===================
RP1828: 4/16/2010 3:54:49 AM - System Checkpoint
RP1829: 4/21/2010 8:08:05 AM - Software Distribution Service 3.0
RP1830: 4/21/2010 8:34:21 AM - Removed Network Magic
RP1831: 4/21/2010 8:37:22 AM - Removed TuneUp Utilities 2006
RP1832: 4/27/2010 11:00:00 PM - System Checkpoint
RP1833: 4/28/2010 11:52:02 PM - System Checkpoint
RP1834: 4/30/2010 12:52:02 AM - System Checkpoint
RP1835: 5/1/2010 2:04:19 AM - System Checkpoint
RP1836: 5/2/2010 2:52:03 AM - System Checkpoint
RP1837: 5/3/2010 3:05:36 AM - System Checkpoint
RP1838: 5/4/2010 3:52:06 AM - System Checkpoint
RP1839: 5/5/2010 4:45:12 AM - System Checkpoint
RP1840: 5/6/2010 5:45:11 AM - System Checkpoint
RP1841: 5/7/2010 6:45:11 AM - System Checkpoint
RP1842: 5/8/2010 7:45:11 AM - System Checkpoint
RP1843: 5/9/2010 8:45:17 AM - System Checkpoint
RP1844: 5/10/2010 9:45:11 AM - System Checkpoint
RP1845: 5/11/2010 10:45:12 AM - System Checkpoint
RP1846: 5/12/2010 3:00:25 AM - Software Distribution Service 3.0
RP1847: 5/13/2010 3:44:58 AM - System Checkpoint
RP1848: 5/14/2010 4:45:05 AM - System Checkpoint
RP1849: 5/15/2010 5:44:57 AM - System Checkpoint
RP1850: 5/16/2010 6:44:59 AM - System Checkpoint
RP1851: 5/17/2010 6:46:06 AM - System Checkpoint
RP1852: 5/18/2010 7:44:58 AM - System Checkpoint
RP1853: 5/19/2010 8:43:55 AM - System Checkpoint
RP1854: 5/20/2010 9:43:55 AM - System Checkpoint
RP1855: 5/21/2010 12:37:46 PM - System Checkpoint
RP1856: 5/23/2010 12:56:13 PM - System Checkpoint
RP1857: 5/24/2010 1:10:09 PM - System Checkpoint
RP1858: 5/25/2010 6:52:59 PM - System Checkpoint
RP1859: 5/26/2010 3:00:25 AM - Software Distribution Service 3.0
RP1860: 5/27/2010 3:35:58 AM - System Checkpoint
RP1861: 5/28/2010 4:35:45 AM - System Checkpoint
RP1862: 5/29/2010 5:35:45 AM - System Checkpoint
RP1863: 5/30/2010 6:35:48 AM - System Checkpoint
RP1864: 5/31/2010 7:35:45 AM - System Checkpoint
RP1865: 6/1/2010 8:35:45 AM - System Checkpoint
RP1866: 6/2/2010 9:33:42 AM - System Checkpoint
RP1867: 6/3/2010 6:05:22 PM - System Checkpoint
RP1868: 6/4/2010 8:19:12 PM - System Checkpoint
RP1869: 6/6/2010 5:52:16 PM - System Checkpoint
RP1870: 6/7/2010 6:30:16 PM - System Checkpoint
RP1871: 6/8/2010 11:41:15 PM - System Checkpoint
RP1872: 6/10/2010 12:33:17 AM - System Checkpoint
RP1873: 6/10/2010 3:00:48 AM - Software Distribution Service 3.0
RP1874: 6/11/2010 4:02:30 AM - System Checkpoint
RP1875: 6/12/2010 4:59:07 AM - System Checkpoint
RP1876: 6/13/2010 5:59:00 AM - System Checkpoint
RP1877: 6/14/2010 6:12:53 AM - System Checkpoint
RP1878: 6/15/2010 7:12:53 AM - System Checkpoint
RP1879: 6/16/2010 8:14:02 AM - System Checkpoint
RP1880: 6/17/2010 9:12:52 AM - System Checkpoint
RP1881: 6/18/2010 7:25:54 PM - System Checkpoint
RP1882: 6/19/2010 7:56:33 PM - System Checkpoint
RP1883: 6/20/2010 8:56:25 PM - System Checkpoint
RP1884: 6/21/2010 9:56:27 PM - System Checkpoint
RP1885: 6/22/2010 10:56:26 PM - System Checkpoint
RP1886: 6/23/2010 3:00:23 AM - Software Distribution Service 3.0
RP1887: 6/24/2010 4:00:19 AM - System Checkpoint
RP1888: 6/25/2010 4:56:26 AM - System Checkpoint
RP1889: 6/26/2010 5:54:52 AM - System Checkpoint
RP1890: 6/27/2010 6:54:16 AM - System Checkpoint
RP1891: 7/9/2010 6:16:44 PM - Restore Operation
RP1892: 7/10/2010 6:28:14 PM - System Checkpoint
RP1893: 7/11/2010 6:32:43 PM - System Checkpoint
RP1894: 7/13/2010 10:23:42 PM - System Checkpoint
RP1895: 9/20/2010 3:43:29 PM - Cleaned registry with Windows Live OneCare safety scanner
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8
Art Explosion Scrapbook Factory Deluxe
AT&T Global Network Client Managed VPN Edition
AT&T Passport for Windows 95
Auslogics Disk Defrag
CCScore
Critical Update for Windows Media Player 11 (KB959772)
Diskeeper Professional Edition
DNA
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Estate Planner 2.0
EVEREST Home Edition v2.20
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp photosmart 1115 series
hp photosmart printer series (Remove only)
HP Share-to-Web
IMVU Avatar Chat Software
Java(TM) 6 Update 17
kgcbase
Kodak EasyShare software
LBT Preschool Adventure
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Wal-Mart Digital Photo Center
netbrdg
NetObjects Fusion 9.0
OfotoXMI
Outspark Launcher
Pando Media Booster
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
Symantec AntiVirus
Tonka Raceway
tooltips
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player (Remove Only)
VPRINTOL
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Internet Mail
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
11/9/2010 11:06:56 AM, error: Service Control Manager [7023] - The Symantec AntiVirus service terminated with the following error: The environment is incorrect.
11/9/2010 11:05:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 000D611BD59A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Edit: Pop ups are now always coming whenever I refresh or try to go anywhere on the internet almost.
There has been blue screens, black screens, memory dumps, supposively porn pop ups (although I have yet to encounter one). The only pop ups I encountered were when I was trying to do DDS in the 6 steps, it made a lot of pop ups appear for some reason? Also most the time it's very hard to get to the actually desktop. You'll get to welcome and it will black screen and restart. Oh, and no matter what I try I can't get microsofts update to check for updates through their website. Thank you whoever can make a little time.
GMER took forever to run (about half a day) and also had to be done in safemode. It was not fun trying to get it to work.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4794
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10/11/2010 12:40:02 PM
mbam-log-2010-10-11 (12-40-02).txt
Scan type: Quick scan
Objects scanned: 144214
Time elapsed: 15 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7db0a0e2-fd42-43ae-a12a-760dbbc3c876} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\wmpdxm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 23:33:34
Windows 5.1.2600 Service Pack 2
Running: hhgcoi36.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\aflcikob.sys
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\System32\DRIVERS\netbt.sys entry point in ".rsrc" section [0xF746FA14]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A9000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A7000C
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007F000C
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 008D000A
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B4000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B3000C
---- Devices - GMER 1.0.15 ----
Device -> \Driver\atapi \Device\Harddisk0\DR0 83537EC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\System32\DRIVERS\netbt.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-11-09.01) - NTFSx86
Run by Becky at 11:11:16.59 on Tue 11/09/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.735.478 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Becky\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-system: WallpaperStyle = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: Wallpaper = c:\wp.bmp
IE: &Search - ?p=ZCfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\becky\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\becky\applic~1\mozilla\firefox\profiles\k8y9lwa5.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-17 7168]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100611.003\naveng.sys [2010-6-11 85552]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100611.003\navex15.sys [2010-6-11 1347504]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
S3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\xdva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
=============== Created Last 30 ================
2010-10-11 16:12:12 -------- d-----w- c:\docume~1\becky\applic~1\Malwarebytes
2010-10-11 16:12:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 16:12:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 16:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
==================== Find3M ====================
2010-10-11 17:51:11 90112 ----a-w- c:\windows\DUMP8359.tmp
2002-08-29 12:00:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56:46 50688 -csh--w- c:\windows\twain_32.dll
2004-08-04 07:56:42 1028096 --sha-w- c:\windows\system32\mfc42.dll
2004-08-04 07:56:43 54784 -csha-w- c:\windows\system32\msvcirt.dll
2004-08-04 07:56:43 413696 --sha-w- c:\windows\system32\msvcp60.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SV4002H rev.QP100-06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83338EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x82ba5872; SUB DWORD [EBP-0x4], 0x82ba512e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83790AB8]
3 CLASSPNP[0xF795005B] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000067[0x837CEF18]
5 ACPI[0xF78C6620] -> nt!IofCallDriver[0x804E37D5] -> [0x8375ED98]
[0x836E6F10] -> IRP_MJ_CREATE -> 0x83338EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SV4002H_________________________QP100-06#33303937314a5246343830383738_0_0_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83338AEA
user & kernel MBR OK
sectors 78242974 (+213): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 11:13:36.40 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-09.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/3/2004 4:19:48 PM
System Uptime: 11/9/2010 11:04:21 AM (0 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 7VKMP
Processor: AMD Athlon(tm) Processor | Socket-A | 1405/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 37 GiB total, 21.561 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_80\3&61AAA01&0&81
Manufacturer: VIA Technologies
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_80\3&61AAA01&0&81
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET\0000
Service: avpnnic
==== System Restore Points ===================
RP1828: 4/16/2010 3:54:49 AM - System Checkpoint
RP1829: 4/21/2010 8:08:05 AM - Software Distribution Service 3.0
RP1830: 4/21/2010 8:34:21 AM - Removed Network Magic
RP1831: 4/21/2010 8:37:22 AM - Removed TuneUp Utilities 2006
RP1832: 4/27/2010 11:00:00 PM - System Checkpoint
RP1833: 4/28/2010 11:52:02 PM - System Checkpoint
RP1834: 4/30/2010 12:52:02 AM - System Checkpoint
RP1835: 5/1/2010 2:04:19 AM - System Checkpoint
RP1836: 5/2/2010 2:52:03 AM - System Checkpoint
RP1837: 5/3/2010 3:05:36 AM - System Checkpoint
RP1838: 5/4/2010 3:52:06 AM - System Checkpoint
RP1839: 5/5/2010 4:45:12 AM - System Checkpoint
RP1840: 5/6/2010 5:45:11 AM - System Checkpoint
RP1841: 5/7/2010 6:45:11 AM - System Checkpoint
RP1842: 5/8/2010 7:45:11 AM - System Checkpoint
RP1843: 5/9/2010 8:45:17 AM - System Checkpoint
RP1844: 5/10/2010 9:45:11 AM - System Checkpoint
RP1845: 5/11/2010 10:45:12 AM - System Checkpoint
RP1846: 5/12/2010 3:00:25 AM - Software Distribution Service 3.0
RP1847: 5/13/2010 3:44:58 AM - System Checkpoint
RP1848: 5/14/2010 4:45:05 AM - System Checkpoint
RP1849: 5/15/2010 5:44:57 AM - System Checkpoint
RP1850: 5/16/2010 6:44:59 AM - System Checkpoint
RP1851: 5/17/2010 6:46:06 AM - System Checkpoint
RP1852: 5/18/2010 7:44:58 AM - System Checkpoint
RP1853: 5/19/2010 8:43:55 AM - System Checkpoint
RP1854: 5/20/2010 9:43:55 AM - System Checkpoint
RP1855: 5/21/2010 12:37:46 PM - System Checkpoint
RP1856: 5/23/2010 12:56:13 PM - System Checkpoint
RP1857: 5/24/2010 1:10:09 PM - System Checkpoint
RP1858: 5/25/2010 6:52:59 PM - System Checkpoint
RP1859: 5/26/2010 3:00:25 AM - Software Distribution Service 3.0
RP1860: 5/27/2010 3:35:58 AM - System Checkpoint
RP1861: 5/28/2010 4:35:45 AM - System Checkpoint
RP1862: 5/29/2010 5:35:45 AM - System Checkpoint
RP1863: 5/30/2010 6:35:48 AM - System Checkpoint
RP1864: 5/31/2010 7:35:45 AM - System Checkpoint
RP1865: 6/1/2010 8:35:45 AM - System Checkpoint
RP1866: 6/2/2010 9:33:42 AM - System Checkpoint
RP1867: 6/3/2010 6:05:22 PM - System Checkpoint
RP1868: 6/4/2010 8:19:12 PM - System Checkpoint
RP1869: 6/6/2010 5:52:16 PM - System Checkpoint
RP1870: 6/7/2010 6:30:16 PM - System Checkpoint
RP1871: 6/8/2010 11:41:15 PM - System Checkpoint
RP1872: 6/10/2010 12:33:17 AM - System Checkpoint
RP1873: 6/10/2010 3:00:48 AM - Software Distribution Service 3.0
RP1874: 6/11/2010 4:02:30 AM - System Checkpoint
RP1875: 6/12/2010 4:59:07 AM - System Checkpoint
RP1876: 6/13/2010 5:59:00 AM - System Checkpoint
RP1877: 6/14/2010 6:12:53 AM - System Checkpoint
RP1878: 6/15/2010 7:12:53 AM - System Checkpoint
RP1879: 6/16/2010 8:14:02 AM - System Checkpoint
RP1880: 6/17/2010 9:12:52 AM - System Checkpoint
RP1881: 6/18/2010 7:25:54 PM - System Checkpoint
RP1882: 6/19/2010 7:56:33 PM - System Checkpoint
RP1883: 6/20/2010 8:56:25 PM - System Checkpoint
RP1884: 6/21/2010 9:56:27 PM - System Checkpoint
RP1885: 6/22/2010 10:56:26 PM - System Checkpoint
RP1886: 6/23/2010 3:00:23 AM - Software Distribution Service 3.0
RP1887: 6/24/2010 4:00:19 AM - System Checkpoint
RP1888: 6/25/2010 4:56:26 AM - System Checkpoint
RP1889: 6/26/2010 5:54:52 AM - System Checkpoint
RP1890: 6/27/2010 6:54:16 AM - System Checkpoint
RP1891: 7/9/2010 6:16:44 PM - Restore Operation
RP1892: 7/10/2010 6:28:14 PM - System Checkpoint
RP1893: 7/11/2010 6:32:43 PM - System Checkpoint
RP1894: 7/13/2010 10:23:42 PM - System Checkpoint
RP1895: 9/20/2010 3:43:29 PM - Cleaned registry with Windows Live OneCare safety scanner
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8
Art Explosion Scrapbook Factory Deluxe
AT&T Global Network Client Managed VPN Edition
AT&T Passport for Windows 95
Auslogics Disk Defrag
CCScore
Critical Update for Windows Media Player 11 (KB959772)
Diskeeper Professional Edition
DNA
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Estate Planner 2.0
EVEREST Home Edition v2.20
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp photosmart 1115 series
hp photosmart printer series (Remove only)
HP Share-to-Web
IMVU Avatar Chat Software
Java(TM) 6 Update 17
kgcbase
Kodak EasyShare software
LBT Preschool Adventure
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Professional
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Wal-Mart Digital Photo Center
netbrdg
NetObjects Fusion 9.0
OfotoXMI
Outspark Launcher
Pando Media Booster
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
Symantec AntiVirus
Tonka Raceway
tooltips
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player (Remove Only)
VPRINTOL
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Yahoo! Internet Mail
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
11/9/2010 11:06:56 AM, error: Service Control Manager [7023] - The Symantec AntiVirus service terminated with the following error: The environment is incorrect.
11/9/2010 11:05:56 AM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 000D611BD59A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
Edit: Pop ups are now always coming whenever I refresh or try to go anywhere on the internet almost.