Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 4:52 am

Several random advert audio clips have been periodically playing in the background even when no windows are open. This started happening about 8 hours ago, just after I had completed my install of Starcraft II (great game so far, aside from the random advertisement interruptions!). Not sure if there is a correlation here, but I had some problems with Antivir pro starting about a month ago. I have had two encounters with it; both times I did a system restore and things were fine. I've done a full AVG scan and Malwarebytes scans with no results.

Thanks!

OTL logfile created on: 7/27/2010 11:10:38 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\JAg\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 15.25 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
Drive D: | 210.14 Gb Total Space | 22.90 Gb Free Space | 10.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 641.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: JAg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/27 23:09:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
PRC - [2010/07/09 12:10:18 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/04/28 13:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/08/24 09:19:57 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/24 09:19:57 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 09:19:54 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/24 09:19:49 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/24 09:19:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/04/07 00:02:13 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/02/15 19:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 19:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (SafeList) ==========

MOD - [2010/07/27 23:09:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
MOD - [2009/08/24 09:19:57 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 09:19:49 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 09:19:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/15 15:46:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/06/06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/02/15 19:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/09/28 03:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/24 09:19:57 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/24 09:19:57 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/01 16:22:11 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/03 16:16:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/28 03:08:00 | 009,838,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 19:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/02/15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/17 11:22:00 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/21 14:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 14:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 14:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/06 00:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.backup.ftp: "141.24.33.192"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "141.24.33.192"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "141.24.33.192"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "141.24.33.192"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "93.186.192.85"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "93.186.192.85"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "93.186.192.85"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "93.186.192.85"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "93.186.192.85"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:32:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 09:13:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 23:01:30 | 000,000,000 | ---D | M]

[2009/04/06 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\JAg\AppData\Roaming\Mozilla\Extensions
[2010/07/27 22:46:38 | 000,000,000 | ---D | M] -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions
[2009/11/09 06:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2009/07/01 17:10:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/22 06:34:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/10 23:46:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/25 09:05:16 | 000,000,000 | ---D | M] -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\firefox@tvunetworks.com
[2010/07/27 22:46:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 22:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/27 22:44:32 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/03 00:24:39 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2008/10/22 00:36:52 | 000,001,231 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Client] C:\Windows\System32\Client.exe File not found
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Winsys32sys] C:\Windows\System32\Client.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [Video Library] C:\Users\JAg\AppData\Local\Temp\Rpcqt.DLL (Safer Networking Limited )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JAg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JAg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 13:14:52 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/05/11 06:13:12 | 000,000,046 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{83a8ea48-7ee1-11de-bf50-001fe1dc1585}\Shell - "" = AutoRun
O33 - MountPoints2\{83a8ea48-7ee1-11de-bf50-001fe1dc1585}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2000/05/20 22:36:50 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{87e70dfa-2587-11de-a1ec-001fe1dc1585}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{87e70dfa-2587-11de-a1ec-001fe1dc1585}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{87e70dfa-2587-11de-a1ec-001fe1dc1585}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{87e70dfa-2587-11de-a1ec-001fe1dc1585}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O33 - MountPoints2\{c7fcf18f-73bf-11de-8209-001fe1dc1585}\Shell - "" = AutoRun
O33 - MountPoints2\{c7fcf18f-73bf-11de-8209-001fe1dc1585}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {1C8B5F0A-4EDE-D808-8904-C2356E5E3223} - Microsoft Windows Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {26C6F5DD-8B95-CB98-CCBE-19CDD2694BC4} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2FEE7374-62BB-3C64-C54A-D38252274737} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4B4A5348-3DF7-A010-8B29-F20AF53646C7} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5245C883-6CCE-6C96-BB48-905553E6DF5A} - Offline Browsing Pack
ActiveX: {5B436709-90AA-5EA6-2F59-0C56CD090F0A} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7092AF14-F518-8AE0-F720-90ED52756A48} - Internet Explorer
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D24AFE3-0CDD-F190-83E6-7C01E11312CB} - Microsoft Windows Media Player
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF7CDA6F-CAFE-225B-585D-9EFF9FC7650C} - Themes Setup
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 23:10:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
[2010/07/27 23:04:07 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/07/27 23:04:07 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/07/27 23:03:44 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/07/27 23:03:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/07/27 22:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/27 22:44:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/27 22:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/27 22:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/27 22:43:32 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\JAg\Desktop\jre-6u21-windows-i586.exe
[2010/07/27 22:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/27 22:41:44 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/27 15:29:25 | 000,000,000 | ---D | C] -- C:\Users\JAg\Documents\StarCraft II
[2010/07/27 15:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/07/27 15:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/07/27 13:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/27 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Roaming\SystemRequirementsLab
[2010/07/23 20:25:37 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/07/23 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/07/22 21:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2010/07/21 16:34:49 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Local\Deployment
[2010/07/21 16:34:49 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Local\Apps
[2010/07/16 23:00:41 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Roaming\Malwarebytes
[2010/07/16 23:00:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/16 23:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/16 23:00:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/16 23:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 21:58:18 | 000,000,000 | ---D | C] -- C:\Users\JAg\Desktop\Somaliland
[2010/07/12 08:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/07/06 13:33:28 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe

========== Files - Modified Within 30 Days ==========

[2010/07/27 23:15:08 | 004,980,736 | -HS- | M] () -- C:\Users\JAg\ntuser.dat
[2010/07/27 23:09:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
[2010/07/27 23:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 23:02:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 23:01:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/27 22:52:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000UA.job
[2010/07/27 22:44:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/27 22:44:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/27 22:44:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/27 22:44:31 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/27 22:39:48 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\JAg\Desktop\jre-6u21-windows-i586.exe
[2010/07/27 22:24:28 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/27 22:24:28 | 000,607,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/27 22:24:28 | 000,106,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/27 22:20:46 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/27 22:19:53 | 000,879,082 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/27 22:18:46 | 000,879,082 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/27 22:18:34 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 22:18:34 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 22:18:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/27 22:18:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 22:18:20 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/27 22:17:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/27 22:17:13 | 000,524,288 | -HS- | M] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 22:17:13 | 000,065,536 | -HS- | M] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TM.blf
[2010/07/27 22:17:10 | 002,751,697 | -H-- | M] () -- C:\Users\JAg\AppData\Local\IconCache.db
[2010/07/27 16:36:37 | 062,646,716 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/27 15:52:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000Core.job
[2010/07/27 15:51:24 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/27 15:28:41 | 000,216,576 | ---- | M] () -- C:\Users\JAg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 21:04:53 | 000,165,339 | ---- | M] () -- C:\Users\JAg\Desktop\LooseChange.jpg
[2010/07/26 10:28:30 | 000,002,255 | ---- | M] () -- C:\Users\JAg\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/23 20:38:24 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/07/23 20:38:21 | 000,019,036 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/07/23 20:33:25 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/07/23 20:33:25 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/07/23 20:33:25 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010/07/23 20:25:38 | 000,001,686 | ---- | M] () -- C:\Users\JAg\Desktop\Diablo II.lnk
[2010/07/23 20:25:37 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/07/23 20:25:37 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2010/07/22 21:04:06 | 000,000,816 | ---- | M] () -- C:\Users\JAg\Desktop\StarCraft.lnk
[2010/07/19 12:23:19 | 000,018,314 | ---- | M] () -- C:\Users\JAg\Desktop\image001.gif
[2010/07/19 11:13:45 | 000,067,074 | ---- | M] () -- C:\Users\JAg\Desktop\36378682.nairobiaerials014.jpg
[2010/07/19 11:13:31 | 000,117,198 | ---- | M] () -- C:\Users\JAg\Desktop\36378684.nairobiaerials026.JPG
[2010/07/18 21:35:43 | 000,133,170 | ---- | M] () -- C:\Users\JAg\Desktop\1279506735173.jpg
[2010/07/16 23:00:37 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 20:40:41 | 000,524,288 | -HS- | M] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000002.regtrans-ms
[2010/07/16 20:36:34 | 000,524,288 | -HS- | M] () -- C:\Users\JAg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 20:36:34 | 000,065,536 | -HS- | M] () -- C:\Users\JAg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/13 22:10:55 | 000,019,816 | ---- | M] () -- C:\Users\JAg\Desktop\1279075000502.jpg
[2010/07/08 22:55:46 | 000,014,953 | ---- | M] () -- C:\Users\JAg\Desktop\1278641823792s.jpg
[2010/07/06 14:36:55 | 000,077,054 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010/07/06 14:02:55 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2010/07/06 14:02:55 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2010/07/05 16:30:34 | 000,002,255 | ---- | M] () -- C:\Users\JAg\Desktop\iTunes.lnk
[2010/06/30 19:37:02 | 000,000,680 | ---- | M] () -- C:\Users\JAg\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/07/27 23:01:30 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/27 15:29:25 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/26 21:04:53 | 000,165,339 | ---- | C] () -- C:\Users\JAg\Desktop\LooseChange.jpg
[2010/07/23 20:38:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/07/23 20:26:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/07/23 20:26:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/07/23 20:26:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/07/23 20:25:38 | 000,019,036 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/07/23 20:25:38 | 000,001,686 | ---- | C] () -- C:\Users\JAg\Desktop\Diablo II.lnk
[2010/07/23 20:25:37 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010/07/22 21:04:06 | 000,000,816 | ---- | C] () -- C:\Users\JAg\Desktop\StarCraft.lnk
[2010/07/19 12:23:19 | 000,018,314 | ---- | C] () -- C:\Users\JAg\Desktop\image001.gif
[2010/07/19 11:13:45 | 000,067,074 | ---- | C] () -- C:\Users\JAg\Desktop\36378682.nairobiaerials014.jpg
[2010/07/19 11:13:31 | 000,117,198 | ---- | C] () -- C:\Users\JAg\Desktop\36378684.nairobiaerials026.JPG
[2010/07/18 21:35:43 | 000,133,170 | ---- | C] () -- C:\Users\JAg\Desktop\1279506735173.jpg
[2010/07/16 23:00:37 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 20:40:40 | 000,524,288 | -HS- | C] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000002.regtrans-ms
[2010/07/16 20:40:40 | 000,524,288 | -HS- | C] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 20:40:40 | 000,065,536 | -HS- | C] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TM.blf
[2010/07/16 20:39:09 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/06 19:42:58 | 000,002,255 | ---- | C] () -- C:\Users\JAg\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/06 13:33:29 | 000,077,054 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/07/06 13:33:28 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2010/01/28 10:51:19 | 000,190,976 | R--- | C] () -- C:\Windows\System32\Wgalogon.dll
[2009/08/02 20:13:31 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/01 16:22:11 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/03/23 11:00:02 | 000,667,136 | R--- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/24 09:19:57 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) Unable to obtain MD5 -- C:\Windows\System32\avgrsstx.dll
[2008/01/18 23:35:12 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msls31.dll
[2008/01/18 23:36:16 | 000,286,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasapi32.dll
[2008/01/18 23:36:16 | 000,071,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasman.dll
[2008/01/18 23:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2006/11/02 04:46:12 | 000,036,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rtutils.dll
[2006/11/02 04:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SensApi.dll
[2008/01/18 23:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/01/18 23:36:38 | 000,376,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sxs.dll
[2006/11/02 04:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\tapi32.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/08/01 16:22:11 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/18 23:43:00 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/04/21 06:55:06 | 002,033,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/18 23:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/04/06 19:28:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/27 22:18:20 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/01 15:53:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/27 22:50:16 | 000,014,039 | ---- | M] () -- C:\JavaRa.log
[2009/08/01 15:53:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/27 22:18:18 | 4069,675,008 | -HS- | M] () -- C:\pagefile.sys
[2009/05/11 23:08:08 | 000,000,137 | ---- | M] () -- C:\VundoFix.txt

< %PROGRAMFILES%\*. >
[2010/07/27 23:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/01 16:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2009/07/28 16:55:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/02/06 17:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2010
[2010/01/28 11:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/01/28 11:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk Revit Architecture 2010
[2009/04/08 13:25:07 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk Student Community Download Tool
[2009/06/03 16:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/01/09 12:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2009/07/28 16:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/27 15:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Catan
[2009/05/02 11:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2010/07/27 22:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/04/06 17:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/07/26 01:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2009/10/14 00:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/09/09 15:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\FLAC
[2009/10/19 11:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/05/13 15:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/08/20 18:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\Grandpas Candy Factory
[2009/08/06 14:29:33 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/08/06 13:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/05/12 10:54:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/13 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/07/30 03:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/28 12:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/12/28 12:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/05/04 10:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/16 23:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 18:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/28 11:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/28 11:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2009/10/20 12:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/28 11:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/28 11:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/01/28 11:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/01/28 11:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/28 11:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/04/15 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/27 15:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/01/28 11:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/04 21:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/05/13 03:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/04/08 22:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2009/08/04 00:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/05/03 00:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/10/21 13:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\PixiePack Codec Pack
[2010/07/27 15:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2009/12/28 12:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/21 13:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\RapidSolution
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/05 10:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Rhinoceros 4.0
[2009/04/06 22:17:25 | 000,000,000 | ---D | M] -- C:\Program Files\SecureW2
[2009/04/06 17:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/06/11 21:01:51 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/01/02 22:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2010/07/23 00:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2010/07/27 22:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/07/27 13:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/03/01 21:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2009/10/24 20:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/13 21:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010/07/12 08:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2009/04/06 21:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/07/26 19:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2009/04/15 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/04/15 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/04/15 14:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/04/15 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/07/18 03:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/04/15 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/04/15 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/04/15 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 4:52 am


< %appdata%\*.* >
[2009/08/02 20:13:31 | 000,022,328 | ---- | M] () -- C:\Users\JAg\AppData\Roaming\PnkBstrK.sys


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2009/04/07 00:03:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/07 00:03:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/04/07 00:03:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/04/07 00:21:48 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2009/04/07 00:21:48 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2009/04/07 00:21:49 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-08-04 19:11:32

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:1DEE6B65
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
< End of report >

OTL Extras logfile created on: 7/27/2010 11:10:38 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\JAg\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 15.25 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
Drive D: | 210.14 Gb Total Space | 22.90 Gb Free Space | 10.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 641.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: JAg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CFC915-5707-473F-BF31-7F98AF8D87F7}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{0DB31AAD-E142-4640-A0DC-387CD105CEDB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{13EAE9FE-470B-4277-8D8D-E0AD800FA232}" = lport=445 | protocol=6 | dir=in | app=system |
"{1EA51AE2-287C-4AA8-8251-51B230E3C275}" = lport=139 | protocol=6 | dir=in | app=system |
"{398D1060-6899-4468-B9D2-9728485C69E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DF38239-3DC0-4835-9A47-1B61260D835E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E6698B3-276C-43E3-B698-A230B7F83170}" = rport=445 | protocol=6 | dir=out | app=system |
"{43E7E4E6-6AC1-44B4-9911-5DC4D2EDD73C}" = rport=137 | protocol=17 | dir=out | app=system |
"{56863DC0-7463-4247-8DFA-BF511CF5D5B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{771E96B3-79CA-4C3E-83AC-B2123B056431}" = rport=139 | protocol=6 | dir=out | app=system |
"{77D2A7A4-4FF9-4BDF-97E1-0B7B9AD8801D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{859DDA20-FA4E-4A62-B326-EE23680BB9DC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8A3C7C5B-C425-4DE6-83A3-80922E33BBB9}" = lport=138 | protocol=17 | dir=in | app=system |
"{9DE68350-01F9-4D2B-940E-90320F06EEB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F9E0322-C2AC-4892-94A5-2F9315AFD3B4}" = lport=137 | protocol=17 | dir=in | app=system |
"{A7244503-131F-48BA-B524-33BC94D28E63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2FDECAE-806E-426E-BF24-36FDC135907E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D904D09D-F91A-4CFB-BD15-7332A3949B35}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E90837B6-358E-432D-BA08-450B1D44AE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3650924-3AF8-4A4B-BB54-F7FF9C6203FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025B4C08-5049-4980-8A02-EAD88EFD7947}" = protocol=17 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{0850F1C5-B8A4-433F-96AF-7F1B61263FEB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{11EFD991-609D-4406-B2EE-AD259F880207}" = protocol=6 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{15489827-4C63-4068-ABD7-61BA7542348D}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{16065FA0-114A-4BFA-8630-9C0919935947}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{1A0F8BBC-0CA9-4118-A38F-EA7B002D48E6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{1BC887E2-88D8-45C0-BB31-EAD3FF20CBA3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1CCAE7DF-7D6D-485C-A1BE-78BB49EC0B0D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{2474DB2D-08C5-4B55-9F52-F9D3807E7AB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{301C4C0A-12B3-4C8E-BED3-60B3E5241834}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{3B43757C-351F-4978-B706-59166C555D3F}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{475326DF-4C13-49BF-BA3A-627106CA8AEE}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{51F6C8C4-0A5A-473A-83EE-DD4724540A5E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5715EDAE-675F-4E8A-862B-31ED4901B664}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{5B76B99A-AF95-4A2D-A48C-C26A3231D034}" = protocol=17 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{690B9093-9F89-4DB9-BD8E-A8E4354E28E6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{69DB3C23-99A6-4E97-9F3C-13D599D6375B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{71B26171-B794-46DC-938A-5E50B0D24A20}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{770C50D3-464D-4DAF-8C1E-E7675610636D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79800A02-BA54-4B25-BFA8-ECF35F45A957}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{81F064CE-F25A-42D2-81E3-F479E3DC0F60}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{84F8B700-C0CD-4F9F-B51B-53970390E584}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{86A30E3E-D24E-4C99-9829-F406E7927CC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A4B6A3B-A785-4E48-BA36-E46DC5D709AC}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{93506867-0F35-4657-928C-149AD0D9DAE0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{98DAE192-D8E5-442A-BC76-D001B72DA76B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9DEE4178-6B69-44B1-AC02-F118BB6A7FA5}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{A1652118-73FA-47E4-A76B-3B71BF66EDE9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AAC47474-37F4-4DE4-AD06-5BB3A30C9A1B}" = protocol=6 | dir=in | app=d:\program files\starcraft ii\starcraft ii.exe |
"{AD3AC403-BA0E-40E6-ACF3-CB2EF69ECD5A}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AFF14F44-7E03-4C06-ADEE-25FBB5BC0A48}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{B14F0FAA-060C-461E-B1AA-6533E2279090}" = protocol=17 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B2D64EE6-13EE-4A91-A680-F8BC972979FE}" = protocol=17 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B4D17637-FE99-4E38-9F78-B012328E42B4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B6D7E256-E87D-460A-B9D3-E04A63C14225}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{BC1D0BEB-51C1-4500-808E-36046BDE60A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BDD1B468-F253-4692-8105-A189E70A4F9B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{C01ED46F-9FF0-4BC2-87AB-5DC0B6E5A7CD}" = protocol=6 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C33706B1-B1C5-43ED-8932-E617404D482A}" = protocol=6 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C4BE0D00-77BE-45E6-AF5F-8BF76DB3E3AF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C52E65B4-0167-4CBC-9FF1-96FE71E489EA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CAF97897-4E83-451A-B3C9-B9709C8D673A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CD8AE8CE-A9F0-427A-9E54-AE6741154BAE}" = protocol=17 | dir=in | app=d:\program files\starcraft ii\starcraft ii.exe |
"{D10F69B1-CED6-403F-8CA3-A5893A6E5E1E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D1F432FA-D12C-446E-BBB6-637F1A35A11A}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{D64FA8BB-1416-4B96-A6FE-2BF6439462C0}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{DABEFEC7-4484-4CC2-9EE2-3B0CAF2190D1}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{DC012F31-3C88-4216-8F98-86BC7C4EBB24}" = protocol=6 | dir=in | app=c:\users\jag\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{DD8C39EB-BEDF-413C-BBA2-58880138A0CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E0D088E3-7A8E-4B87-985D-1A7C20083773}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8F0A158-5036-4953-A67B-CB07D74FD6B7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{0109D092-EBC3-45BE-99E5-27B03FEACA6E}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{01278F45-02C8-4918-B62F-46C89F31EACA}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{0DA3D30D-85DC-4B48-B9E8-7B8F5A67E182}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1D36512F-7566-4EBC-A029-A04E1FE523EB}D:\program files\google sketch-up\sketchup.exe" = protocol=6 | dir=in | app=d:\program files\google sketch-up\sketchup.exe |
"TCP Query User{3E9F10FD-355B-4882-95C2-E07A6F6D05BE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4CC0FF44-68A1-4270-B0A2-127ABB16F8A0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{817113FC-0A1D-41E1-A8E5-69F062D7241D}C:\users\jag\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=6 | dir=in | app=c:\users\jag\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"TCP Query User{91B4A8C2-94C3-481C-8ADB-5033DDFC4D23}C:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe" = protocol=6 | dir=in | app=c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe |
"TCP Query User{9A3C3A9B-3D2F-40FF-9A5E-701F65200E9A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{B4A39BC3-E4D8-46C3-B5BD-131E7F1E97F0}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"TCP Query User{CD7C9F0F-19F4-460D-9CD7-3239D8C44EA9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{EC9777F7-1609-4681-9234-5A2D77FEF44B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{ED36F99E-CECC-4E24-B3D2-094CE9657FA4}C:\program files\steam\steamapps\mbunicorn\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mbunicorn\team fortress 2\hl2.exe |
"TCP Query User{FC4886A2-DB2C-47EB-BD1B-63FDBA4067B7}D:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=d:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{33A04F94-DA00-4DC6-9302-F48C972FE139}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{4665C146-5028-444B-A7F0-66F34306CF47}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{49647FEA-6D51-4EE2-88DC-C2064F9E8956}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"UDP Query User{632382CF-4639-45F9-B655-7DE25F8F7C81}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{6B65703D-0348-4EDF-9D18-FC9A1CC82F42}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{720A40E6-684E-4927-8630-5B1E4EC18257}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{723731A1-0A92-4BE4-B295-2563EFE2A5B8}D:\program files\google sketch-up\sketchup.exe" = protocol=17 | dir=in | app=d:\program files\google sketch-up\sketchup.exe |
"UDP Query User{7E0D1760-83A7-4036-9173-13A9545A1575}C:\users\jag\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] = protocol=17 | dir=in | app=c:\users\jag\appdata\roaming\macromedia\flash player\[You must be registered and logged in to see this link.] |
"UDP Query User{87AEDC92-7C01-4296-AC22-591B78661AF9}C:\program files\steam\steamapps\mbunicorn\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mbunicorn\team fortress 2\hl2.exe |
"UDP Query User{9898BB2C-81C8-459F-8159-1E2A9B2D263A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{997F696A-04B8-4635-A38F-072BF7B8F25B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A84D06EE-DE4B-4C28-9A61-D2725B37B342}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{A96123FF-791A-4D74-9DF1-9F4AE1237E1D}C:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe" = protocol=17 | dir=in | app=c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe |
"UDP Query User{B96AC68E-F4F8-4330-9191-A727B0BFEB19}D:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=d:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{CA3640BD-57D1-467B-9C17-7AC1C88A986D}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{572FBF5D-3BAA-42FF-A468-A54C2C0A17C3}" = Autodesk Revit Architecture 2010
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4F2108-7395-4951-A7BE-86DA108A001C}" = OGA Notifier 1.7.0105.14.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BF9345-6D19-4868-BF8F-CCDE8D15974B}" = Tunebite
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Autodesk Revit Architecture 2010" = Autodesk Revit Architecture 2010
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"AVG8Uninstall" = AVG Free 8.5
"Catan" = Catan (remove only)
"CDisplay_is1" = CDisplay 1.8
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLAC" = FLAC 1.2.1b (remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Grandpas Candy Factory" = Grandpas Candy Factory
"Hardwood Euchre" = Hardwood Euchre
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.0 for Windows
"SopCast" = SopCast 3.2.4
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"TVUPlayer" = TVUPlayer 2.4.9.1
"Veetle TV" = Veetle TV 0.9.16
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"XiphQT" = Xiph QuickTime Components
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2010 11:54:30 AM | Computer Name = Laptop | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 12:04:29 PM | Computer Name = Laptop | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 12:54:29 PM | Computer Name = Laptop | Source = Google Update | ID = 20
Description =

Error - 7/24/2010 1:04:29 PM | Computer Name = Laptop | Source = Google Update | ID = 20
Description =

Error - 7/25/2010 8:18:37 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 7/27/2010 1:00:41 AM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application smss.exe, version 1.0.0.2, time stamp 0x494acef0,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x0006a786, process id 0x177c, application start time
0x01cb2d3a2a4d01d0.

Error - 7/27/2010 7:33:28 AM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6001.7004 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 157c Start Time: 01cb2d7f7b3f8500 Termination Time: 63

Error - 7/27/2010 7:34:04 AM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2010 5:31:13 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program StarCraft II.exe version 2.1.2.1631 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1280 Start Time: 01cb2dd28cd54400 Termination Time: 12

Error - 7/27/2010 11:20:07 PM | Computer Name = Laptop | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/4/2009 10:37:34 AM | Computer Name = Laptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 4/8/2010 1:39:51 AM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/19/2010 11:53:31 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/8/2010 1:30:11 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 7/28/2010 12:05:01 AM | Computer Name = Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =


< End of report >





Re: Random adverts playing in background with no windows open

Post by Crush on Wed Jul 28, 2010 5:36 am

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too :) and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal, but rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly :)

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Please download ComboFix from [You must be registered and logged in to see this link.]



  • Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 5:34 pm

Chris,

I hope this hasn't messed things up, but when I first ran it I didn't save it to my desktop; instead I ran it from my default Firefox download folder. The first log had a message about a root-kit numbered .dll being deleted and deleted my temporary internet data. Thinking I messed up with the first scan, I saved ComboFix to my desktop and ran ComboFix a second time, which overwrote the previous log.

Sorry if I have made things more difficult in my silly rushed eagerness to fix my computer.

Here is the log from the second scan:


ComboFix 10-07-27.05 - JAg 07/28/2010 12:13:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2384 [GMT -5:00]
Running from: c:\users\JAg\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 17:22 . 2010-07-28 17:22 -------- d-----w- c:\users\JAg\AppData\Local\temp
2010-07-28 17:22 . 2010-07-28 17:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-28 17:22 . 2010-07-28 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 04:37 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-28 04:37 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-07-28 04:37 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-28 04:34 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-07-28 04:34 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-07-28 04:34 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-28 04:34 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-07-28 04:34 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-07-28 04:34 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-07-28 04:34 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-07-28 04:34 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-07-28 04:34 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-28 04:34 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-28 04:34 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-28 04:34 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-07-28 04:32 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-07-28 04:31 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-28 04:30 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-28 04:30 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-07-28 04:30 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-07-28 04:30 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-28 04:30 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-07-28 04:30 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-07-28 04:30 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-07-28 04:30 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-07-28 04:20 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-07-28 04:04 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-07-28 04:04 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-07-28 04:04 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-07-28 04:04 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-28 04:03 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-07-28 04:03 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-07-28 04:03 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-28 04:03 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-28 04:03 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-28 03:46 . 2010-07-28 03:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 03:41 . 2010-07-28 03:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-27 21:46 . 2010-07-27 21:46 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-27 20:29 . 2010-07-27 21:46 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-27 20:29 . 2010-07-27 20:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-27 18:38 . 2010-07-27 18:38 85504 ----a-w- c:\users\JAg\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\users\JAg\AppData\Roaming\SystemRequirementsLab
2010-07-24 01:38 . 2010-07-24 01:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-24 01:26 . 2010-07-24 01:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-24 01:26 . 2010-07-24 01:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-24 01:26 . 2010-07-24 01:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-24 01:25 . 2010-07-24 01:38 19036 ----a-w- c:\windows\DIIUnin.dat
2010-07-24 01:25 . 2010-07-24 01:25 94208 ----a-w- c:\windows\DIIUnin.exe
2010-07-24 01:25 . 2010-07-24 01:25 2829 ----a-w- c:\windows\DIIUnin.pif
2010-07-24 01:23 . 2010-07-26 06:54 -------- d-----w- c:\program files\Diablo II
2010-07-23 02:02 . 2010-07-23 05:07 -------- d-----w- c:\program files\Starcraft
2010-07-21 21:34 . 2010-07-21 21:46 -------- d-----w- c:\users\JAg\AppData\Local\Deployment
2010-07-21 21:34 . 2010-07-21 21:34 -------- d-----w- c:\users\JAg\AppData\Local\Apps
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\users\JAg\AppData\Roaming\Malwarebytes
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\programdata\Malwarebytes
2010-07-17 04:00 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 04:00 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 13:42 . 2010-07-12 13:42 -------- d-----w- c:\program files\Veoh Networks
2010-07-09 17:10 . 2010-07-08 17:40 1146208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2010-07-06 18:33 . 2010-07-06 19:36 77054 ----a-w- c:\windows\War3Unin.dat
2010-07-06 18:33 . 2010-07-06 19:02 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-06 18:33 . 2010-07-06 19:02 139264 ----a-w- c:\windows\War3Unin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 17:13 . 2009-06-03 21:48 879082 ----a-w- c:\programdata\nvModes.dat
2010-07-28 17:11 . 2009-04-06 23:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 17:11 . 2010-06-12 02:02 -------- d-----w- c:\users\JAg\AppData\Roaming\Skype
2010-07-28 17:09 . 2010-05-12 21:07 -------- d-----w- c:\program files\Steam
2010-07-28 04:59 . 2009-04-06 22:48 134744 ----a-w- c:\users\JAg\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 04:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-28 04:01 . 2009-04-15 16:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 03:46 . 2009-04-07 02:36 -------- d-----w- c:\program files\uTorrent
2010-07-28 03:46 . 2009-04-07 02:36 -------- d-----w- c:\users\JAg\AppData\Roaming\uTorrent
2010-07-27 20:24 . 2010-01-09 17:52 -------- d-----w- c:\program files\Catan
2010-07-27 20:24 . 2010-03-02 01:29 -------- d-----w- c:\program files\PopCap Games
2010-07-27 11:36 . 2009-11-09 12:39 -------- d-----w- c:\users\JAg\AppData\Roaming\vlc
2010-07-27 00:45 . 2010-05-02 17:45 -------- d-----w- c:\program files\Warcraft III
2010-07-24 17:20 . 2009-04-10 04:58 -------- d-----w- c:\users\JAg\AppData\Roaming\dvdcss
2010-07-24 01:09 . 2010-02-04 15:58 -------- d-----w- c:\program files\PeerBlock
2010-07-17 01:38 . 2009-04-15 21:22 -------- d-----w- c:\programdata\FLEXnet
2010-07-01 00:37 . 2009-04-06 22:47 680 ----a-w- c:\users\JAg\AppData\Local\d3d9caps.dat
2010-06-21 21:09 . 2010-06-12 02:04 -------- d-----w- c:\users\JAg\AppData\Roaming\skypePM
2010-06-12 02:04 . 2010-06-12 02:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----r- c:\program files\Skype
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\program files\Common Files\Skype
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\programdata\Skype
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-29 23:57 . 2010-05-29 23:57 666112 ----a-w- c:\users\JAg\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-05-26 16:16 . 2010-07-28 04:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-07-28 04:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 04:28 . 2010-05-24 04:27 5642000 ----a-w- c:\users\JAg\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe
2010-05-21 19:14 . 2010-04-15 14:49 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 13:53 . 2010-07-28 04:31 2036224 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-06 23:11 . 2010-07-28 17:14 43948 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-07-28 17:14 82192 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-06 23:11 . 2010-07-28 17:14 10992 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4177002003-3084292159-914443694-1000_UserData.bin
- 2006-11-02 13:02 . 2010-07-28 16:51 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-07-28 17:13 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-28 16:38 . 2010-07-28 16:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-28 17:12 . 2010-07-28 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-28 16:38 . 2010-07-28 16:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-28 17:12 . 2010-07-28 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-07-28 17:20 607356 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-07-28 16:45 607356 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-07-28 17:20 106220 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-07-28 16:45 106220 c:\windows\System32\perfc009.dat
- 2006-11-02 13:02 . 2010-07-28 16:51 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2010-07-28 17:13 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2010-07-28 16:51 7634944 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2010-07-28 17:13 7634944 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-08-01 4608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-12 1238352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-29 13756960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate1c9ffe7f9e39660;Google Update Service (gupdate1c9ffe7f9e39660);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-01 716272]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-06-03 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 21:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 16:18]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:20]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:20]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000Core.job
- c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 17:33]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000UA.job
- c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 17:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-07-28 12:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [3448] 0xA1347020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-28 12:24:16
ComboFix-quarantined-files.txt 2010-07-28 17:24
ComboFix2.txt 2010-07-28 17:00
ComboFix3.txt 2010-07-28 16:52

Pre-Run: 14,829,481,984 bytes free
Post-Run: 14,573,797,376 bytes free

- - End Of File - - 494CCCD8B4B62178D903D4BCA4BFE76E

Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 5:36 pm

Edit: sorry, never mind

Re: Random adverts playing in background with no windows open

Post by Crush on Wed Jul 28, 2010 5:46 pm

Hi,

Do you have these three txt files?

ComboFix-quarantined-files.txt
ComboFix2.txt
ComboFix3.txt

They should all be located at C:\Combofix. That will give me a better idea of what was deleted. I know what infection we're dealing with here, but I'm just curious.

Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 6:09 pm

Chris,

There doesn't appear to be a C:\Combofix folder, just C:\ComboFix.txt.

Justin

Re: Random adverts playing in background with no windows open

Post by Crush on Wed Jul 28, 2010 7:10 pm

Hi,

ComboFix2.txt and ComboFix3.txt should be in the same location as C:\Combofix.txt, but ComboFix-quarantined-files.txt is located in C:\Qoobox.

Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 7:24 pm

OK sweet, looks like everything was saved in C:\Qoobox. Looks like I ran it 3 times >.<

ComboFix3.txt

ComboFix 10-07-27.05 - JAg 07/28/2010 11:43:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2688 [GMT -5:00]
Running from: d:\firefox downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\JAg\AppData\Local\TempDIR
c:\windows\system32\st325866.dll

.
MBR is infected with the Whistler Bootkit !!

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 16:49 . 2010-07-28 16:50 -------- d-----w- c:\users\JAg\AppData\Local\temp
2010-07-28 16:49 . 2010-07-28 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 04:37 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-28 04:37 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-07-28 04:37 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-28 04:34 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-07-28 04:34 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-07-28 04:34 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-28 04:34 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-07-28 04:34 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-07-28 04:34 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-07-28 04:34 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-07-28 04:34 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-07-28 04:34 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-28 04:34 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-28 04:34 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-28 04:34 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-07-28 04:32 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-07-28 04:31 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-28 04:30 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-28 04:30 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-07-28 04:30 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-07-28 04:30 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-28 04:30 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-07-28 04:30 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-07-28 04:30 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-07-28 04:30 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-07-28 04:20 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-07-28 04:04 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-07-28 04:04 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-07-28 04:04 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-07-28 04:04 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-28 04:03 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-07-28 04:03 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-07-28 04:03 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-28 04:03 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-28 04:03 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-28 03:46 . 2010-07-28 03:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 03:41 . 2010-07-28 03:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-27 21:46 . 2010-07-27 21:46 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-27 20:29 . 2010-07-27 21:46 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-27 20:29 . 2010-07-27 20:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-27 18:38 . 2010-07-27 18:38 85504 ----a-w- c:\users\JAg\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\users\JAg\AppData\Roaming\SystemRequirementsLab
2010-07-24 01:38 . 2010-07-24 01:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-24 01:26 . 2010-07-24 01:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-24 01:26 . 2010-07-24 01:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-24 01:26 . 2010-07-24 01:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-24 01:25 . 2010-07-24 01:38 19036 ----a-w- c:\windows\DIIUnin.dat
2010-07-24 01:25 . 2010-07-24 01:25 94208 ----a-w- c:\windows\DIIUnin.exe
2010-07-24 01:25 . 2010-07-24 01:25 2829 ----a-w- c:\windows\DIIUnin.pif
2010-07-24 01:23 . 2010-07-26 06:54 -------- d-----w- c:\program files\Diablo II
2010-07-23 02:02 . 2010-07-23 05:07 -------- d-----w- c:\program files\Starcraft
2010-07-21 21:34 . 2010-07-21 21:46 -------- d-----w- c:\users\JAg\AppData\Local\Deployment
2010-07-21 21:34 . 2010-07-21 21:34 -------- d-----w- c:\users\JAg\AppData\Local\Apps
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\users\JAg\AppData\Roaming\Malwarebytes
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\programdata\Malwarebytes
2010-07-17 04:00 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 04:00 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 13:42 . 2010-07-12 13:42 -------- d-----w- c:\program files\Veoh Networks
2010-07-09 17:10 . 2010-07-08 17:40 1146208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2010-07-06 18:33 . 2010-07-06 19:36 77054 ----a-w- c:\windows\War3Unin.dat
2010-07-06 18:33 . 2010-07-06 19:02 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-06 18:33 . 2010-07-06 19:02 139264 ----a-w- c:\windows\War3Unin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 16:39 . 2009-06-03 21:48 879082 ----a-w- c:\programdata\nvModes.dat
2010-07-28 16:37 . 2009-04-06 23:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 16:36 . 2010-06-12 02:02 -------- d-----w- c:\users\JAg\AppData\Roaming\Skype
2010-07-28 13:50 . 2010-05-12 21:07 -------- d-----w- c:\program files\Steam
2010-07-28 04:59 . 2009-04-06 22:48 134744 ----a-w- c:\users\JAg\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 04:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-28 04:01 . 2009-04-15 16:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 03:46 . 2009-04-07 02:36 -------- d-----w- c:\program files\uTorrent
2010-07-28 03:46 . 2009-04-07 02:36 -------- d-----w- c:\users\JAg\AppData\Roaming\uTorrent
2010-07-27 20:24 . 2010-01-09 17:52 -------- d-----w- c:\program files\Catan
2010-07-27 20:24 . 2010-03-02 01:29 -------- d-----w- c:\program files\PopCap Games
2010-07-27 11:36 . 2009-11-09 12:39 -------- d-----w- c:\users\JAg\AppData\Roaming\vlc
2010-07-27 00:45 . 2010-05-02 17:45 -------- d-----w- c:\program files\Warcraft III
2010-07-24 17:20 . 2009-04-10 04:58 -------- d-----w- c:\users\JAg\AppData\Roaming\dvdcss
2010-07-24 01:09 . 2010-02-04 15:58 -------- d-----w- c:\program files\PeerBlock
2010-07-17 01:38 . 2009-04-15 21:22 -------- d-----w- c:\programdata\FLEXnet
2010-07-01 00:37 . 2009-04-06 22:47 680 ----a-w- c:\users\JAg\AppData\Local\d3d9caps.dat
2010-06-21 21:09 . 2010-06-12 02:04 -------- d-----w- c:\users\JAg\AppData\Roaming\skypePM
2010-06-12 02:04 . 2010-06-12 02:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----r- c:\program files\Skype
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\program files\Common Files\Skype
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\programdata\Skype
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-29 23:57 . 2010-05-29 23:57 666112 ----a-w- c:\users\JAg\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-05-26 16:16 . 2010-07-28 04:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-07-28 04:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 04:28 . 2010-05-24 04:27 5642000 ----a-w- c:\users\JAg\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe
2010-05-21 19:14 . 2010-04-15 14:49 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 13:53 . 2010-07-28 04:31 2036224 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-08-01 4608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-12 1238352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-29 13756960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate1c9ffe7f9e39660;Google Update Service (gupdate1c9ffe7f9e39660);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-08-01 716272]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-06-03 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 21:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 16:18]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:20]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:20]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000Core.job
- c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 17:33]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000UA.job
- c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 17:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\JAg\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\JAg\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Client - c:\windows\System32\Client.exe
HKLM-Run-Winsys32sys - c:\windows\system32\Client.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-07-28 11:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [3632] 0x85A1A2F0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-28 11:52:34
ComboFix-quarantined-files.txt 2010-07-28 16:52

Pre-Run: 13,338,296,320 bytes free
Post-Run: 14,893,162,496 bytes free

- - End Of File - - 52C0818CDD8DF640D563900AA3635ED6


ComboFix2.txt

ComboFix 10-07-27.05 - JAg 07/28/2010 11:55:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2312 [GMT -5:00]
Running from: c:\users\JAg\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 16:58 . 2010-07-28 16:58 -------- d-----w- c:\users\JAg\AppData\Local\temp
2010-07-28 16:58 . 2010-07-28 16:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-28 16:58 . 2010-07-28 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 04:37 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-28 04:37 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-07-28 04:37 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-28 04:34 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-07-28 04:34 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-07-28 04:34 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-28 04:34 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-07-28 04:34 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-07-28 04:34 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2010-07-28 04:34 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2010-07-28 04:34 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-07-28 04:34 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-28 04:34 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-28 04:34 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-28 04:34 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-07-28 04:32 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-07-28 04:31 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-28 04:30 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-28 04:30 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-07-28 04:30 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-07-28 04:30 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-28 04:30 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-07-28 04:30 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-07-28 04:30 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-07-28 04:30 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-07-28 04:20 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-07-28 04:04 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-07-28 04:04 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-07-28 04:04 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-07-28 04:04 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-28 04:03 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-07-28 04:03 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-07-28 04:03 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-28 04:03 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-28 04:03 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-28 03:46 . 2010-07-28 03:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 03:41 . 2010-07-28 03:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-27 21:46 . 2010-07-27 21:46 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-27 20:29 . 2010-07-27 21:46 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-27 20:29 . 2010-07-27 20:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-27 18:38 . 2010-07-27 18:38 85504 ----a-w- c:\users\JAg\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-07-27 18:38 . 2010-07-27 18:38 -------- d-----w- c:\users\JAg\AppData\Roaming\SystemRequirementsLab
2010-07-24 01:38 . 2010-07-24 01:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-24 01:26 . 2010-07-24 01:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-24 01:26 . 2010-07-24 01:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-24 01:26 . 2010-07-24 01:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-24 01:25 . 2010-07-24 01:38 19036 ----a-w- c:\windows\DIIUnin.dat
2010-07-24 01:25 . 2010-07-24 01:25 94208 ----a-w- c:\windows\DIIUnin.exe
2010-07-24 01:25 . 2010-07-24 01:25 2829 ----a-w- c:\windows\DIIUnin.pif
2010-07-24 01:23 . 2010-07-26 06:54 -------- d-----w- c:\program files\Diablo II
2010-07-23 02:02 . 2010-07-23 05:07 -------- d-----w- c:\program files\Starcraft
2010-07-21 21:34 . 2010-07-21 21:46 -------- d-----w- c:\users\JAg\AppData\Local\Deployment
2010-07-21 21:34 . 2010-07-21 21:34 -------- d-----w- c:\users\JAg\AppData\Local\Apps
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\users\JAg\AppData\Roaming\Malwarebytes
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\programdata\Malwarebytes
2010-07-17 04:00 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 04:00 . 2010-07-17 04:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 04:00 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 13:42 . 2010-07-12 13:42 -------- d-----w- c:\program files\Veoh Networks
2010-07-09 17:10 . 2010-07-08 17:40 1146208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2010-07-06 18:33 . 2010-07-06 19:36 77054 ----a-w- c:\windows\War3Unin.dat
2010-07-06 18:33 . 2010-07-06 19:02 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-06 18:33 . 2010-07-06 19:02 139264 ----a-w- c:\windows\War3Unin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 16:39 . 2009-06-03 21:48 879082 ----a-w- c:\programdata\nvModes.dat
2010-07-28 16:37 . 2009-04-06 23:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 16:36 . 2010-06-12 02:02 -------- d-----w- c:\users\JAg\AppData\Roaming\Skype
2010-07-28 13:50 . 2010-05-12 21:07 -------- d-----w- c:\program files\Steam
2010-07-28 04:59 . 2009-04-06 22:48 134744 ----a-w- c:\users\JAg\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 04:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-28 04:01 . 2009-04-15 16:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-28 03:46 . 2009-04-07 02:36 -------- d-----w- c:\program files\uTorrent
2010-07-28 03:46 . 2009-04-07 02:36 -------- d-----w- c:\users\JAg\AppData\Roaming\uTorrent
2010-07-27 20:24 . 2010-01-09 17:52 -------- d-----w- c:\program files\Catan
2010-07-27 20:24 . 2010-03-02 01:29 -------- d-----w- c:\program files\PopCap Games
2010-07-27 11:36 . 2009-11-09 12:39 -------- d-----w- c:\users\JAg\AppData\Roaming\vlc
2010-07-27 00:45 . 2010-05-02 17:45 -------- d-----w- c:\program files\Warcraft III
2010-07-24 17:20 . 2009-04-10 04:58 -------- d-----w- c:\users\JAg\AppData\Roaming\dvdcss
2010-07-24 01:09 . 2010-02-04 15:58 -------- d-----w- c:\program files\PeerBlock
2010-07-17 01:38 . 2009-04-15 21:22 -------- d-----w- c:\programdata\FLEXnet
2010-07-01 00:37 . 2009-04-06 22:47 680 ----a-w- c:\users\JAg\AppData\Local\d3d9caps.dat
2010-06-21 21:09 . 2010-06-12 02:04 -------- d-----w- c:\users\JAg\AppData\Roaming\skypePM
2010-06-12 02:04 . 2010-06-12 02:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----r- c:\program files\Skype
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\program files\Common Files\Skype
2010-06-12 02:01 . 2010-06-12 02:01 -------- d-----w- c:\programdata\Skype
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\users\JAg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-29 23:57 . 2010-05-29 23:57 666112 ----a-w- c:\users\JAg\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-05-26 16:16 . 2010-07-28 04:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-07-28 04:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 04:28 . 2010-05-24 04:27 5642000 ----a-w- c:\users\JAg\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe
2010-05-21 19:14 . 2010-04-15 14:49 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 13:53 . 2010-07-28 04:31 2036224 ----a-w- c:\windows\system32\win32k.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-08-01 4608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-12 1238352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-29 13756960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-01 716272]
R2 gupdate1c9ffe7f9e39660;Google Update Service (gupdate1c9ffe7f9e39660);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-06-03 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 21:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 16:18]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:20]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 16:20]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000Core.job
- c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 17:33]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000UA.job
- c:\users\JAg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-17 17:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-28 11:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [3632] 0x85A1A2F0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-28 12:00:26
ComboFix-quarantined-files.txt 2010-07-28 17:00
ComboFix2.txt 2010-07-28 16:52

Pre-Run: 14,921,326,592 bytes free
Post-Run: 14,681,501,696 bytes free

- - End Of File - - 276FCAC600AAB2062AB030ACD30154CB

ComboFix-quarantined-files.txt


2010-07-28 17:42:24 . 2010-07-28 17:42:24 512 ----a-w- C:\Qoobox\Quarantine\MBR_Whistler.dat
2010-07-28 16:51:12 . 2010-07-28 16:51:12 131 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Winsys32sys.reg.dat
2010-07-28 16:51:12 . 2010-07-28 16:51:12 126 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Client.reg.dat
2010-07-28 16:48:24 . 2010-07-28 17:44:33 6,830 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-28 16:38:51 . 2010-07-28 17:42:24 248 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-04-06 22:58:05 . 2008-02-16 00:24:04 150,016 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\st325866.dll.vir



Thanks!

MBvash
Novice
Posts : 15
Joined : 2010-07-28
OS : Vista


Re: Random adverts playing in background with no windows open

Post by Crush on Wed Jul 28, 2010 7:33 pm

Beautiful. That is the confirmation I needed. Let's see if Combofix repaired the Whistler Bootkit.

Download [You must be registered and logged in to see this link.] to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.

Crush
Master
Posts : 3889
Joined : 2010-01-27
Gender : Male


Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 7:44 pm

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03700000
Boot sector MD5 is: 003c63cbf6c7405872f3037f7c777a82

Size    Device Name           MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0    Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...


Re: Random adverts playing in background with no windows open

Post by Crush on Wed Jul 28, 2010 7:59 pm

Hi,

Is this a self built machine or purchased from Dell, HP, etc?


Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 8:00 pm

Dell XPS M1530


Re: Random adverts playing in background with no windows open

Post by Crush on Wed Jul 28, 2010 8:15 pm

Hey again,

I've got to do some research. I'll be back to you asap.


Re: Random adverts playing in background with no windows open

Post by MBvash on Wed Jul 28, 2010 8:26 pm

Excellent! Thank you very much, Chris.


Re: Random adverts playing in background with no windows open

Post by Crush on Thu Jul 29, 2010 3:57 am

Hi,

Looks like we can safely fix this. :) I thought it might brick your machine.

Please create a new text file with e.g. Notepad with the following contents:
@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT

  • Save it as Fix.bat to your Desktop.
  • Double-click Fix.bat to run it.
  • A black DOS screen will flash too quickly to read, indicating a successful run.
  • Doubleclick remover.exe again as you did previously and post its log back here.


Re: Random adverts playing in background with no windows open

Post by MBvash on Thu Jul 29, 2010 5:38 am

Hey Chris,

There is no log to copy and paste because the operation corrupted some Windows boot files (pardon my techno jargon if it is incorrect! error/missing file was something like e.000000.0 or 000000e.0, I should've written it down but it is a little late!). I was prompted to insert my Windows installation disk to perform a repair. I did so and things seem to be running smoothly.

P.S. And by brick I hope you meant I had to wipe and reformat(!), not have a 5lb hunk of worthless metal, plastic, and silicon!


Last edited by MBvash on Thu Jul 29, 2010 5:40 am; edited 1 time in total (Reason for editing : to elaborate on 'brick' !)


Re: Random adverts playing in background with no windows open

Post by Crush on Thu Jul 29, 2010 5:46 am

Oh no! So, the fix corrupted files and you had to reformat the drive?


Re: Random adverts playing in background with no windows open

Post by MBvash on Thu Jul 29, 2010 7:02 am

Oh sorry to give you the wrong impression, no I didn't reformat, I had to boot from my Windows install disk to repair some boot files. So I think anyways, but things seem to be running smoothly now.

What's next? =)


Re: Random adverts playing in background with no windows open

Post by Crush on Thu Jul 29, 2010 7:05 am

Ha. Glad we got that straightened out. :) Can you run Bootkit Remover once more, please? The scan, not the fix. Let's make sure it's gone.


Re: Random adverts playing in background with no windows open

Post by MBvash on Thu Jul 29, 2010 7:12 am

lol, I've got the day off tomorrow and have had a few drinks and am finding Starcraft II to be a lovely game.


Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03700000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size    Device Name           MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0    OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

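The before-and-after check from this thread, as an added example that is not part of any post and is not Bootkit Remover's own code: it parses a 512-byte master boot sector file, such as the one `remover.exe dump <device_name> [output_file]` writes, and compares a dump taken before `fix` with one taken after. The sample sectors, the partition layout and all function names are constructed for illustration; only the volume offset 0x03700000 is taken from the log above, and the regions hashed here are this example's choice, not necessarily what the tool hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area
DISK_SIG = slice(440, 444)     # 32-bit disk signature
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = slice(510, 512)     # must be 55 AA
ENTRY = "<B3xB3xII"            # status, CHS, type, CHS, start LBA, sector count


def parse_mbr(sector):
    """Validate a 512-byte master boot sector and split it into its regions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[BOOT_SIG] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype == 0:         # unused slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "start": lba * SECTOR_SIZE, "size": count * SECTOR_SIZE})
    return {
        "boot_code_md5": hashlib.md5(sector[BOOT_CODE]).hexdigest(),
        "table_md5": hashlib.md5(sector[PART_TABLE]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG])[0],
        "partitions": partitions,
    }


def partition_at(mbr, byte_offset):
    """Return the partition entry that starts at byte_offset, or None."""
    for part in mbr["partitions"]:
        if part["start"] == byte_offset:
            return part
    return None


def compare_dumps(before, after):
    """Report which regions differ between two master boot sector dumps."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_md5"] != b["boot_code_md5"],
        "partition_table_changed": a["table_md5"] != b["table_md5"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
    }


def safe_to_keep(diff):
    """A boot-code repair should replace the code and leave the layout alone."""
    return diff["boot_code_changed"] and not diff["partition_table_changed"]


def build_sample(boot_code, disk_sig, entries):
    """Build a constructed sector for the demo (not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY, sector, 446 + 16 * i, status, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed layout: a small OEM utility partition (type 0xDE) followed by an
# active NTFS partition (type 0x07) starting at byte offset 0x03700000.
LAYOUT = [(0x00, 0xDE, 63, 112577), (0x80, 0x07, 112640, 184320000)]
BEFORE = build_sample(b"CONSTRUCTED-BEFORE", 0x1234ABCD, LAYOUT)
AFTER = build_sample(b"CONSTRUCTED-AFTER", 0x1234ABCD, LAYOUT)

if __name__ == "__main__":
    mbr = parse_mbr(AFTER)
    print("system volume entry:", partition_at(mbr, 0x03700000))
    diff = compare_dumps(BEFORE, AFTER)
    print("diff:", diff, "-> keep repair:", safe_to_keep(diff))
```

Taking the first dump before running `fix`, and keeping it off the affected disk, leaves a copy of the original sector to inspect if the machine stops booting afterwards.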

Re: Random adverts playing in background with no windows open

Post by Crush on Thu Jul 29, 2010 7:17 am

I've got the day off tomorrow too :D

How are things running now, by the way? Any better?

Let's try another scan:

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log in your reply


Re: Random adverts playing in background with no windows open

Post by MBvash on Thu Jul 29, 2010 7:20 am

Great. I haven't heard any random adverts for the last 2 hours or so; before it was every 8-15 min.

Running the scan now.


Re: Random adverts playing in background with no windows open

Post by Crush on Thu Jul 29, 2010 7:23 am

Great. Hopefully that comes up clean. I'd wager it will. :) Would you mind including a freshly generated OTL log in your reply too? I've taken a look over things and we could fix some things up using that as well if they still appear in the most current log. :)



Re: Random adverts playing in background with no windows open

Post by MBvash on Thu Jul 29, 2010 8:02 am

Malwarebytes came out clean.

Here is my OTL log:


OTL logfile created on: 7/29/2010 2:49:11 AM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\JAg\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 14.37 Gb Free Space | 16.35% Space Free | Partition Type: NTFS
Drive D: | 210.14 Gb Total Space | 22.89 Gb Free Space | 10.89% Space Free | Partition Type: NTFS
Drive E: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: JAg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/27 23:09:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
PRC - [2010/07/25 09:13:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/24 09:19:57 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/24 09:19:57 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 09:19:54 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/24 09:19:49 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/24 09:19:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/04/07 00:02:13 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/02/15 19:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2007/09/20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010/07/27 23:09:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
MOD - [2008/01/18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/24 09:19:49 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 09:19:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/15 15:46:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/12 18:36:24 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/06/06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/02/15 19:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe -- (AESTFilters)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\JAg\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/09/28 03:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/24 09:19:57 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/24 09:19:57 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/01 16:22:11 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/03 16:16:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/28 03:08:00 | 009,838,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 19:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/02/15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/17 11:22:00 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/21 14:49:47 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 14:49:47 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 14:49:47 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/06 00:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce(tm)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.backup.ftp: "141.24.33.192"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "141.24.33.192"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "141.24.33.192"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "141.24.33.192"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "93.186.192.85"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "93.186.192.85"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "93.186.192.85"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "93.186.192.85"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "93.186.192.85"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:32:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 09:13:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 23:01:30 | 000,000,000 | ---D | M]

[2009/04/06 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\JAg\AppData\Roaming\Mozilla\Extensions
[2010/07/28 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions
[2009/11/09 06:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2009/07/01 17:10:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/22 06:34:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/10 23:46:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/25 09:05:16 | 000,000,000 | ---D | M] -- C:\Users\JAg\AppData\Roaming\Mozilla\Firefox\Profiles\0lbuexr3.default\extensions\firefox@tvunetworks.com
[2010/07/28 20:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 22:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/27 22:44:32 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/03 00:24:39 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/07/28 11:50:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JAg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JAg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 13:14:52 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {1C8B5F0A-4EDE-D808-8904-C2356E5E3223} - Microsoft Windows Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {26C6F5DD-8B95-CB98-CCBE-19CDD2694BC4} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2FEE7374-62BB-3C64-C54A-D38252274737} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4B4A5348-3DF7-A010-8B29-F20AF53646C7} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5245C883-6CCE-6C96-BB48-905553E6DF5A} - Offline Browsing Pack
ActiveX: {5B436709-90AA-5EA6-2F59-0C56CD090F0A} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7092AF14-F518-8AE0-F720-90ED52756A48} - Internet Explorer
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D24AFE3-0CDD-F190-83E6-7C01E11312CB} - Microsoft Windows Media Player
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF7CDA6F-CAFE-225B-585D-9EFF9FC7650C} - Themes Setup
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/29 02:46:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/29 02:46:14 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Local\temp
[2010/07/29 02:31:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/28 21:11:41 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Roaming\Ventrilo
[2010/07/28 21:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/07/28 21:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/28 14:42:37 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Users\JAg\Desktop\remover.exe
[2010/07/28 14:42:37 | 000,000,000 | ---D | C] -- C:\Users\JAg\Desktop\bootkit_remover
[2010/07/28 11:39:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/28 11:39:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/28 11:39:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/28 11:38:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/28 11:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/27 23:37:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/07/27 23:37:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/07/27 23:34:36 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/07/27 23:34:10 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/07/27 23:33:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/07/27 23:33:41 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/07/27 23:33:27 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/07/27 23:33:25 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/07/27 23:33:24 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/07/27 23:33:24 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/07/27 23:33:24 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/07/27 23:33:22 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/07/27 23:33:15 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/07/27 23:33:15 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/07/27 23:33:15 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/07/27 23:33:12 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/07/27 23:33:09 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/07/27 23:33:09 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/07/27 23:33:04 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/07/27 23:33:04 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/07/27 23:32:59 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/07/27 23:32:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/07/27 23:32:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/07/27 23:32:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/07/27 23:32:59 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/07/27 23:32:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/07/27 23:32:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/07/27 23:32:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/07/27 23:32:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/07/27 23:32:22 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/07/27 23:32:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/07/27 23:32:22 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/07/27 23:32:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/07/27 23:32:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/07/27 23:32:00 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/07/27 23:31:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/07/27 23:31:34 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/07/27 23:31:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/07/27 23:31:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/07/27 23:31:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/07/27 23:31:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/07/27 23:31:19 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/07/27 23:31:15 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/07/27 23:31:13 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/07/27 23:31:13 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/07/27 23:31:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/07/27 23:31:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/07/27 23:31:08 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/07/27 23:30:58 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/07/27 23:30:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/07/27 23:30:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/07/27 23:30:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/07/27 23:30:50 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/07/27 23:30:24 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/07/27 23:30:23 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/07/27 23:30:23 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/07/27 23:20:40 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/07/27 23:10:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
[2010/07/27 23:04:07 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/07/27 23:04:07 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/07/27 23:03:55 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/07/27 23:03:55 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/07/27 23:03:55 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/07/27 23:03:44 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/07/27 23:03:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/07/27 22:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/27 22:44:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/27 22:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/27 22:44:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/27 22:43:32 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\JAg\Desktop\jre-6u21-windows-i586.exe
[2010/07/27 22:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/27 22:41:44 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/27 15:29:25 | 000,000,000 | ---D | C] -- C:\Users\JAg\Documents\StarCraft II
[2010/07/27 15:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/07/27 15:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/07/27 13:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/27 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Roaming\SystemRequirementsLab
[2010/07/23 20:25:37 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/07/23 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/07/22 21:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2010/07/21 16:34:49 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Local\Deployment
[2010/07/21 16:34:49 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Local\Apps
[2010/07/16 23:00:41 | 000,000,000 | ---D | C] -- C:\Users\JAg\AppData\Roaming\Malwarebytes
[2010/07/16 23:00:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/16 23:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/16 23:00:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/16 23:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 21:58:18 | 000,000,000 | ---D | C] -- C:\Users\JAg\Desktop\Somaliland
[2010/07/12 08:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/07/06 13:33:28 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe

========== Files - Modified Within 30 Days ==========

[2010/07/29 02:48:40 | 004,980,736 | -HS- | M] () -- C:\Users\JAg\ntuser.dat
[2010/07/29 02:43:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/29 02:41:07 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/29 02:41:07 | 000,607,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/29 02:41:07 | 000,106,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/29 02:35:47 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/29 02:34:12 | 000,879,082 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/29 02:34:11 | 000,879,082 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/29 02:33:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/29 02:33:22 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 02:33:22 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/29 02:33:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/29 02:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/29 02:33:16 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/29 02:32:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/29 02:32:06 | 003,120,486 | -H-- | M] () -- C:\Users\JAg\AppData\Local\IconCache.db
[2010/07/29 02:32:06 | 000,524,288 | -HS- | M] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000001.regtrans-ms
[2010/07/29 02:32:06 | 000,065,536 | -HS- | M] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TM.blf
[2010/07/29 02:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/29 01:52:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000UA.job
[2010/07/28 23:53:39 | 000,000,057 | ---- | M] () -- C:\Users\JAg\Desktop\fix.bat
[2010/07/28 21:10:41 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/28 21:10:37 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010/07/28 18:14:01 | 000,002,255 | ---- | M] () -- C:\Users\JAg\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/28 17:30:30 | 062,698,084 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/28 15:52:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177002003-3084292159-914443694-1000Core.job
[2010/07/28 14:41:48 | 000,036,833 | ---- | M] () -- C:\Users\JAg\Desktop\bootkit_remover.rar
[2010/07/28 11:50:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/28 11:35:23 | 003,746,488 | R--- | M] () -- C:\Users\JAg\Desktop\commy.exe
[2010/07/28 11:01:43 | 000,218,112 | ---- | M] () -- C:\Users\JAg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 23:59:50 | 000,134,744 | ---- | M] () -- C:\Users\JAg\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/27 23:58:27 | 002,378,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/27 23:09:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\JAg\Desktop\OTL.com
[2010/07/27 23:01:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/27 22:44:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/27 22:44:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/27 22:44:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/27 22:44:31 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/27 22:39:48 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\JAg\Desktop\jre-6u21-windows-i586.exe
[2010/07/27 15:51:24 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/26 21:04:53 | 000,165,339 | ---- | M] () -- C:\Users\JAg\Desktop\LooseChange.jpg
[2010/07/23 20:38:24 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/07/23 20:38:21 | 000,019,036 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/07/23 20:33:25 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/07/23 20:33:25 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/07/23 20:33:25 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010/07/23 20:25:38 | 000,001,686 | ---- | M] () -- C:\Users\JAg\Desktop\Diablo II.lnk
[2010/07/23 20:25:37 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/07/23 20:25:37 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2010/07/22 21:04:06 | 000,000,816 | ---- | M] () -- C:\Users\JAg\Desktop\StarCraft.lnk
[2010/07/21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Users\JAg\Desktop\remover.exe
[2010/07/19 12:23:19 | 000,018,314 | ---- | M] () -- C:\Users\JAg\Desktop\image001.gif
[2010/07/19 11:13:45 | 000,067,074 | ---- | M] () -- C:\Users\JAg\Desktop\36378682.nairobiaerials014.jpg
[2010/07/19 11:13:31 | 000,117,198 | ---- | M] () -- C:\Users\JAg\Desktop\36378684.nairobiaerials026.JPG
[2010/07/18 21:35:43 | 000,133,170 | ---- | M] () -- C:\Users\JAg\Desktop\1279506735173.jpg
[2010/07/16 23:00:37 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 20:40:41 | 000,524,288 | -HS- | M] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000002.regtrans-ms
[2010/07/16 20:36:34 | 000,524,288 | -HS- | M] () -- C:\Users\JAg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 20:36:34 | 000,065,536 | -HS- | M] () -- C:\Users\JAg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/13 22:10:55 | 000,019,816 | ---- | M] () -- C:\Users\JAg\Desktop\1279075000502.jpg
[2010/07/08 22:55:46 | 000,014,953 | ---- | M] () -- C:\Users\JAg\Desktop\1278641823792s.jpg
[2010/07/06 14:36:55 | 000,077,054 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010/07/06 14:02:55 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2010/07/06 14:02:55 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2010/07/05 16:30:34 | 000,002,255 | ---- | M] () -- C:\Users\JAg\Desktop\iTunes.lnk
[2010/07/01 21:09:34 | 000,070,713 | ---- | M] () -- C:\Users\JAg\Desktop\1278036060404.jpg
[2010/06/30 22:28:01 | 000,083,021 | ---- | M] () -- C:\Users\JAg\Desktop\1277952459068.jpg
[2010/06/30 19:37:02 | 000,000,680 | ---- | M] () -- C:\Users\JAg\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/07/28 23:53:39 | 000,000,057 | ---- | C] () -- C:\Users\JAg\Desktop\fix.bat
[2010/07/28 21:10:37 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010/07/28 21:10:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/28 14:42:28 | 000,036,833 | ---- | C] () -- C:\Users\JAg\Desktop\bootkit_remover.rar
[2010/07/28 11:54:52 | 003,746,488 | R--- | C] () -- C:\Users\JAg\Desktop\commy.exe
[2010/07/28 11:39:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/28 11:39:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/28 11:39:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/28 11:39:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/28 11:39:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/27 23:32:23 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/07/27 23:01:30 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/27 15:29:25 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010/07/26 21:04:53 | 000,165,339 | ---- | C] () -- C:\Users\JAg\Desktop\LooseChange.jpg
[2010/07/23 20:38:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/07/23 20:26:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/07/23 20:26:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/07/23 20:26:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/07/23 20:25:38 | 000,019,036 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/07/23 20:25:38 | 000,001,686 | ---- | C] () -- C:\Users\JAg\Desktop\Diablo II.lnk
[2010/07/23 20:25:37 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010/07/22 21:04:06 | 000,000,816 | ---- | C] () -- C:\Users\JAg\Desktop\StarCraft.lnk
[2010/07/19 12:23:19 | 000,018,314 | ---- | C] () -- C:\Users\JAg\Desktop\image001.gif
[2010/07/19 11:13:45 | 000,067,074 | ---- | C] () -- C:\Users\JAg\Desktop\36378682.nairobiaerials014.jpg
[2010/07/19 11:13:31 | 000,117,198 | ---- | C] () -- C:\Users\JAg\Desktop\36378684.nairobiaerials026.JPG
[2010/07/18 21:35:43 | 000,133,170 | ---- | C] () -- C:\Users\JAg\Desktop\1279506735173.jpg
[2010/07/16 23:00:37 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 20:40:40 | 000,524,288 | -HS- | C] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000002.regtrans-ms
[2010/07/16 20:40:40 | 000,524,288 | -HS- | C] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 20:40:40 | 000,065,536 | -HS- | C] () -- C:\Users\JAg\ntuser.dat{0ceb8ec0-9143-11df-b704-9c79222ffa67}.TM.blf
[2010/07/16 20:39:09 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/06 19:42:58 | 000,002,255 | ---- | C] () -- C:\Users\JAg\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/06 13:33:29 | 000,077,054 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/07/06 13:33:28 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2010/01/28 10:51:19 | 000,190,976 | R--- | C] () -- C:\Windows\System32\Wgalogon.dll
[2009/08/02 20:13:31 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/03/23 11:00:02 | 000,667,136 | R--- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========




Re: Random adverts playing in background with no windows open

Post by MBvash on Thu Jul 29, 2010 8:02 am

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/18 23:38:04 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/18 23:36:12 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/18 23:43:00 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 08:53:49 | 002,036,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/18 23:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/04/06 19:28:17 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/07/29 02:46:13 | 000,020,990 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/29 02:33:16 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/01 15:53:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/27 22:50:16 | 000,014,039 | ---- | M] () -- C:\JavaRa.log
[2009/08/01 15:53:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/29 02:33:14 | 4069,675,008 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/07/27 23:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/01 16:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2009/07/28 16:55:46 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/02/06 17:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2010
[2010/01/28 11:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/01/28 11:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk Revit Architecture 2010
[2009/04/08 13:25:07 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk Student Community Download Tool
[2009/06/03 16:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/01/09 12:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\BFG
[2009/07/28 16:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/27 15:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Catan
[2009/05/02 11:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2010/07/29 02:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/04/06 17:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/07/26 01:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2009/10/14 00:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/09/09 15:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\FLAC
[2009/10/19 11:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/05/13 15:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/08/20 18:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\Grandpas Candy Factory
[2009/08/06 14:29:33 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/08/06 13:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/05/12 10:54:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/13 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/07/30 03:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/28 12:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/12/28 12:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/05/04 10:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/16 23:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/06 18:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/28 11:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/28 11:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2009/10/20 12:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/28 11:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/28 11:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/01/28 11:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/01/28 11:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/28 11:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/07/27 23:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/27 15:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/01/28 11:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/04 21:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/05/13 03:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/04/08 22:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2009/08/04 00:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2009/05/03 00:24:29 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/07/23 20:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2010/02/04 10:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2009/10/21 13:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\PixiePack Codec Pack
[2010/07/27 15:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2009/12/28 12:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/21 13:12:50 | 000,000,000 | ---D | M] -- C:\Program Files\RapidSolution
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/05 10:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Rhinoceros 4.0
[2009/04/06 22:17:25 | 000,000,000 | ---D | M] -- C:\Program Files\SecureW2
[2009/04/06 17:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/06/11 21:01:51 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/01/02 22:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2010/07/23 00:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2010/07/29 00:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2010/07/27 13:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/03/01 21:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2009/10/24 20:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/27 22:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/03/13 21:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010/07/28 21:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2010/07/12 08:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2009/04/06 21:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/07/26 19:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2009/04/15 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/04/15 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/04/15 14:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/04/15 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/07/27 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/07/27 23:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/04/15 14:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/04/15 14:34:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2009/08/02 20:13:31 | 000,022,328 | ---- | M] () -- C:\Users\JAg\AppData\Roaming\PnkBstrK.sys


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 14:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2009/04/07 00:03:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/07 00:03:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/04/07 00:03:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/04/07 00:21:48 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2009/04/07 00:21:48 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2009/04/07 00:21:49 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/18 21:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-28 04:46:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:1DEE6B65
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
< End of report >

MBvash
Novice

Posts : 15
Joined : 2010-07-28
OS : Vista


Re: Random adverts playing in background with no windows open

Post by Crush on Thu Jul 29, 2010 5:07 pm

Hi,

All that looks good. How are things running now?

TFC (Temp File Cleaner):


  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.


Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Crush
Master

Posts : 3889
Joined : 2010-01-27
Gender : Male
