I ran Malwarebytes and it found what it called Trojan.FakeAlert and another bad registry key. I chose to fix the problems using Malwarebytes, but after restarting, the rogue popup software was still there.
I ran a quick scan with MWB again and found another registry key which MWB fixed too.
Upon restarting a second time the popups seem to have disappeared, but I decided to play it safe and someone told me to run ComboFix.
After running ComboFix it instructed me to post the results here.
I apologize in advance if this shows you that the computer was clean, but I would rather be safe than sorry.
Any help you can offer or any time you can dedicate to reviewing this would be greatly appreciated!
Thank you in advance.
ComboFix 10-04-28.03 - Helen 04/28/2010 22:31:20.1.2 - x86
Running from: E:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2068866768-3888667489-438035881-500
c:\$recycle.bin\S-1-5-21-386390668-2062263383-2522555131-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Helen\AppData\Local\ave.exe
c:\users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\F1dN2.jpg
c:\users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\id803TX7.jpg
c:\users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\irM2Jn.jpg
c:\users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKt3a1T.jpg
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.
2010-04-29 02:41 . 2010-04-29 02:41 -------- d-----w- c:\users\Helen\AppData\Local\temp
2010-04-29 02:41 . 2010-04-29 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-29 01:08 . 2010-04-29 01:08 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 00:44 . 2010-04-29 00:44 680 ----a-w- c:\users\Helen\AppData\Local\d3d9caps.dat
2010-04-29 00:44 . 2010-04-29 00:44 -------- d-----w- c:\windows\Sun
2010-04-15 10:59 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 10:59 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 10:59 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 10:59 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 10:59 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 10:59 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 10:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 10:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 10:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 15:12 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 15:12 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 02:25 . 2008-11-01 13:38 72704 --sha-w- c:\programdata\ExtendMedia\Media Agent\ac.dll
2010-04-29 02:23 . 2008-02-16 21:41 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-28 14:10 . 2008-06-01 03:19 -------- d-----w- c:\programdata\Google Updater
2010-04-15 16:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 15:44 . 2008-03-03 03:50 -------- d-----w- c:\programdata\Microsoft Help
2010-04-11 00:37 . 2008-09-26 16:14 1956808 ----a-w- c:\users\Helen\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-13 02:42 . 2010-03-03 05:31 -------- d-----w- c:\users\Helen\AppData\Roaming\Skype
2010-03-13 02:17 . 2010-03-03 05:34 -------- d-----w- c:\users\Helen\AppData\Roaming\skypePM
2010-03-09 22:05 . 2010-03-09 22:05 -------- d-----w- c:\users\Helen\AppData\Roaming\Malwarebytes
2010-03-09 22:05 . 2010-03-09 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 22:04 . 2010-03-09 22:04 -------- d-----w- c:\programdata\Malwarebytes
2010-03-09 21:59 . 2010-03-09 21:59 -------- d-----w- c:\program files\CCleaner
2010-03-09 01:57 . 2010-03-09 01:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-09 01:56 . 2008-02-16 22:57 -------- d-----w- c:\program files\Java
2010-03-03 05:34 . 2010-03-03 05:34 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-03 05:31 . 2010-03-03 05:31 -------- d-----r- c:\program files\Skype
2010-03-03 05:31 . 2010-03-03 05:31 -------- d-----w- c:\program files\Common Files\Skype
2010-03-03 05:31 . 2010-03-03 05:31 -------- d-----w- c:\programdata\Skype
2010-02-24 14:16 . 2009-10-03 06:13 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 08:21 . 2008-05-08 02:00 109880 ----a-w- c:\users\Helen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-30 20:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 20:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 20:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 20:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 08:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 08:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 08:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 11:43 . 2008-10-29 14:15 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-19 11:43 . 2008-10-29 14:15 88 --sh--r- c:\windows\system32\B752AC1AB8.sys
2010-02-02 04:11 . 2010-02-02 04:11 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4698.tmp.exe
2010-02-01 12:29 . 2010-02-01 12:29 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3779.tmp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-01 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-06 4423680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-09 149280]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2009-06-22 446088]
"Skytel"="Skytel.exe" [2007-04-06 1822720]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-11-16 28464]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2009-06-22 715400]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 125440]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-30 17920]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-16 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-16 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-16 818688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-04-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-01 12:30]
2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:53]
2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ccleaner.com/
uInternet Settings,ProxyOverride = *.local
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://cca-svr-40.radford.edu/auth/CCALogin.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 22:41
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-28 22:45:22
ComboFix-quarantined-files.txt 2010-04-29 02:45
Pre-Run: 98,372,317,184 bytes free
Post-Run: 98,317,279,232 bytes free
- - End Of File - - C5E5C72A6329809A372DF4F933A91709