"invisible ads" playing in the background with no windows open


Post by unggoy on Fri 15 Apr 2011, 12:00 pm


As the title says, I came upon this when I fell for the Windows Fix Disk. I managed to fix the Windows Fix Disk part, but there still seem to be ad sounds when there are no browsers or windows open.

Operating system: Vista

I tried to use the TDSSkiller, but it won't start up at all.
I also tried to use TFC by OldTimer, and it didn't fix it.

unggoy

Newbie Surfer

Posts : 16
Joined : 2011-04-15
Operating System : vista

Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Fri 15 Apr 2011, 3:11 pm

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Fri 15 Apr 2011, 5:27 pm

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-14 23:25:32
-----------------------------
23:25:32.987 OS Version: Windows 6.0.6002 Service Pack 2
23:25:32.987 Number of processors: 2 586 0xF0D
23:25:32.988 ComputerName: UNGGOY-PC UserName: Unggoy
23:26:07.803 Initialize success
23:26:20.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
23:26:20.682 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC33P Size: 152627MB BusType: 3
23:26:20.685 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6
23:26:20.688 Disk 1 Vendor: Hitachi_HTS542516K9SA00 BBCOC33P Size: 152627MB BusType: 3
23:26:22.714 Disk 0 MBR read successfully
23:26:22.719 Disk 0 MBR scan
23:26:24.723 Disk 0 scanning sectors +312580096
23:26:24.806 Disk 0 scanning C:\Windows\system32\drivers
23:26:35.036 Service scanning
23:26:39.289 Disk 0 trace - called modules:
23:26:39.303 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f651ed]<<
23:26:39.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c3968]
23:26:39.314 3 CLASSPNP.SYS[837478b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x861768a0]
23:26:39.320 \Driver\atapi[0x8611fd40] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86f651ed
23:26:39.328 Scan finished successfully


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Fri 15 Apr 2011, 8:33 pm

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.



Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Sat 16 Apr 2011, 11:28 am

GMER 1.0.15.15570
Rootkit scan 2011-04-15 17:27:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC33P
Running: gmer.exe; Driver: C:\Users\Unggoy\AppData\Local\Temp\uwrirpob.sys


---- System - GMER 1.0.15 ----

SSDT 8A6BFA70 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1C1 82AF4944 4 Bytes [70, FA, 6B, 8A]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AF56000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AF9F000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EA0D340, 0x3EEDE7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[1316] ntdll.dll!DbgBreakPoint 771D884E 1 Byte [90]
.text C:\Windows\Explorer.EXE[3988] WININET.dll!HttpAddRequestHeadersA 7591CF4E 5 Bytes JMP 004A164F
.text C:\Windows\Explorer.EXE[3988] WININET.dll!HttpAddRequestHeadersW 7591FE49 5 Bytes JMP 004A1817

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86EB01ED
Device \Driver\atapi \Device\Ide\IdePort1 86EB01ED
Device \Driver\atapi \Device\Ide\IdePort2 86EB01ED
Device \Driver\atapi \Device\Ide\IdePort4 86EB01ED

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:256] 86EB4E84
Thread System [4:260] 86EB7084

---- Registry - GMER 1.0.15 ----


---- Files - GMER 1.0.15 ----

File C:\Users\Unggoy\AppData\Roaming\Microsoft\Windows\Cookies\unggoy@scorecardresearch[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----

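Added example (not part of the original posts, and not code from aswMBR or GMER): a small Python triage script for the two logs posted above. It joins the `>>UNKNOWN<<` address in the aswMBR disk trace with the `\Driver\atapi` dispatch entry that points at the same address, and pulls the inline `JMP` patches and raw-address device entries out of the GMER log. The sample input is copied from the thread; the function names and result layout are this example's own, and the hits are items for a helper to review, not a verdict, since both tools can produce false positives.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the aswMBR and GMER logs in this thread.
ASWMBR_LOG = r"""
23:26:39.289 Disk 0 trace - called modules:
23:26:39.303 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86f651ed]<<
23:26:39.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c3968]
23:26:39.320 \Driver\atapi[0x8611fd40] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86f651ed
23:26:39.328 Scan finished successfully
"""
GMER_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[1316] ntdll.dll!DbgBreakPoint 771D884E 1 Byte [90]
.text C:\Windows\Explorer.EXE[3988] WININET.dll!HttpAddRequestHeadersA 7591CF4E 5 Bytes JMP 004A164F
.text C:\Windows\Explorer.EXE[3988] WININET.dll!HttpAddRequestHeadersW 7591FE49 5 Bytes JMP 004A1817

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86EB01ED
Device \Driver\atapi \Device\Ide\IdePort1 86EB01ED
"""

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+")
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*0x([0-9a-fA-F]+)")
SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
USER_PATCH = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\S+)\s+([0-9A-F]{8})\s+\d+ Bytes?\s+(.+)$")
DEVICE = re.compile(r"^Device\s+(\\Driver\\\w+)\s+(\S+)\s+([0-9A-F]{8})$")


def aswmbr_findings(log):
    """Unknown code in the disk call chain, joined with dispatch entries that point at it."""
    unknown, dispatch = {}, defaultdict(list)
    for raw in log.splitlines():
        line = TS.sub("", raw.strip())          # drop the hh:mm:ss.mmm prefix
        m = UNKNOWN.search(line)
        if m:
            # Named modules listed before the marker precede the unknown code in the chain.
            named = line[:m.start()].split()
            unknown[int(m.group(1), 16)] = named[-1] if named else None
        m = DISPATCH.search(line)
        if m:
            dispatch[int(m.group(3), 16)].append((m.group(1), m.group(2)))
    return [{"address": addr, "after_module": prev, "dispatch_entries": dispatch.get(addr, [])}
            for addr, prev in sorted(unknown.items())]


def gmer_findings(log):
    """Inline JMP patches in user processes, and device entries shown only as a raw address."""
    section, jumps, devices = None, [], defaultdict(list)
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "User code sections":
            m = USER_PATCH.match(line)
            if m and m.group(6).startswith("JMP "):
                image, pid, module, func, _addr, patch = m.groups()
                jumps.append({"process": image, "pid": int(pid),
                              "api": f"{module}!{func}",
                              "target": int(patch.split()[1], 16)})
        elif section == "Devices":
            m = DEVICE.match(line)
            if m:  # AttachedDevice lines name a module and are not matched here
                devices[(m.group(1), int(m.group(3), 16))].append(m.group(2))
    return {"inline_jumps": jumps, "raw_device_handlers": dict(devices)}


if __name__ == "__main__":
    for f in aswmbr_findings(ASWMBR_LOG):
        print(f"unknown code at {f['address']:#010x} after {f['after_module']}: "
              f"{f['dispatch_entries']}")
    g = gmer_findings(GMER_LOG)
    for j in g["inline_jumps"]:
        print(f"{j['process']}[{j['pid']}] {j['api']} -> JMP {j['target']:#010x}")
    for (driver, addr), objs in g["raw_device_handlers"].items():
        print(f"{driver} -> {addr:#010x} on {len(objs)} device object(s)")
```

The two logs were taken on different boots, so the raw addresses in them (0x86f651ed and 86EB01ED) are not expected to match each other.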

Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Sat 16 Apr 2011, 7:43 pm

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Sat 16 Apr 2011, 7:46 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite X205
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 161):

Processes (total 86):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC33P
PhysicalDrive1 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC33P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
149 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Sun 17 Apr 2011, 4:06 am

Re-Run MBRCheck.exe


  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to. Type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
  • Save it to your desktop then attach the resultant output in your next reply


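Added example (not part of the original posts, and not MBRCheck's own code): a Python sketch of what a reviewer can check in a 512-byte MBR dump such as the dump.dat requested above. It verifies the 0x55AA signature, hashes the sector, decodes the four primary partition entries and confirms that one of them starts at the byte offset MBRCheck reported for C: (0x5dd00000 on PhysicalDrive0). The sample MBR is constructed for the example with filler instead of real boot code; which bytes MBRCheck feeds into its SHA1 is not stated in the thread, so the two hashes here are for comparing dumps against each other, not against the values in the log.

```python
import hashlib
import struct

SECTOR = 512
C_VOLUME_OFFSET = 0x5DD00000  # byte offset of C: on PhysicalDrive0, from the MBRCheck log


def build_sample_mbr():
    """Constructed 512-byte MBR: filler boot code plus one active NTFS entry."""
    boot_code = bytes(range(256)) + bytes(184)        # 440 bytes, not real boot code
    disk_sig = struct.pack("<IH", 0x12345678, 0)      # constructed disk signature + reserved
    # status, CHS start, type, CHS end, start LBA, sector count (constructed size)
    entry = struct.pack("<B3sB3sII", 0x80, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff",
                        C_VOLUME_OFFSET // SECTOR, 0x12000000)
    return boot_code + disk_sig + entry + bytes(48) + b"\x55\xaa"


def parse_mbr(data):
    """Decode the first sector of a dump into signature state, hashes and partitions."""
    if len(data) < SECTOR:
        raise ValueError(f"dump is {len(data)} bytes, expected at least {SECTOR}")
    sector = data[:SECTOR]
    partitions = []
    for slot in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * slot)
        if ptype == 0 and count == 0:
            continue                                   # unused table slot
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "start_lba": lba,
            "sectors": count,
            "start_offset": lba * SECTOR,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "sha1_boot_code": hashlib.sha1(sector[:440]).hexdigest().upper(),
        "partitions": partitions,
    }


def check_dump(data, volume_offset):
    """Return a list of structural problems; an empty list means none were found."""
    info = parse_mbr(data)
    problems = []
    if not info["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    if not info["partitions"]:
        problems.append("partition table is empty")
    if sum(p["active"] for p in info["partitions"]) > 1:
        problems.append("more than one active partition")
    for p in info["partitions"]:
        if not p["status_valid"]:
            problems.append(f"slot {p['slot']}: status byte is neither 0x00 nor 0x80")
    # Only primary entries are checked; a volume inside an extended partition
    # would not appear here even on a healthy disk.
    if not any(p["start_offset"] == volume_offset for p in info["partitions"]):
        problems.append("no primary partition starts at the reported volume offset")
    return problems


if __name__ == "__main__":
    mbr = build_sample_mbr()      # replace with open("dump.dat", "rb").read() for a real dump
    info = parse_mbr(mbr)
    print("SHA1 (sector):   ", info["sha1_sector"])
    print("SHA1 (boot code):", info["sha1_boot_code"])
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type {p['type']:#04x} start LBA {p['start_lba']} "
              f"({p['start_offset']:#x}) active={p['active']}")
    print("problems:", check_dump(mbr, C_VOLUME_OFFSET) or "none")
```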

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Sun 17 Apr 2011, 5:19 am

I re-ran MBRCheck but the line Enter 'Y' and hit ENTER for more options, or 'N' to exit: never showed. What it did was show the device names and then it said Done! Press Enter to exit.


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Sun 17 Apr 2011, 2:38 pm

Kaspersky Virus Removal Tool (AVP Tool)

The Kaspersky Virus Removal Tool is a dynamic malware removal tool, aimed to precisely eliminate any and all malware infection on a system. It is able to remove some of the most serious malware infections.

Please download the Kaspersky Virus Removal Tool to your Desktop.

  • It will create a setup file. Go through the prompts to install the tool.
  • Once setup completes, the tool will start.
  • Click the manual disinfection tab, and then click the Gathering system information button.
  • It will scan your computer, and provide a report. Click the open folder link, and it will provide a copy of the report in a RAR file.
  • Please upload that file to the site in your next reply.


Note: if the scan freezes for more than 30 minutes, report back to me and let me know.



Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Sun 17 Apr 2011, 4:26 pm

Here's the RAR


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Mon 18 Apr 2011, 1:47 pm

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)
    Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Tue 19 Apr 2011, 12:15 pm

All I got from that scan was this:

Autoscan: completed 24 minutes ago (events: 2, objects: 1236058, time: 06:05:52)
4/18/2011 11:39:35 AM Task started
4/18/2011 5:45:27 PM Task completed

I tried putting the Detected part on the kas file, but it showed "unknown" in the txt.


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Tue 19 Apr 2011, 2:17 pm

And still the invisible ads?


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Tue 19 Apr 2011, 6:43 pm

Yes, and now there is also a Google redirect.

[You must be registered and logged in to see this link.]
That is a picture of this error that pops up, and when that pops up the ads stop if I leave it there.


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Thu 21 Apr 2011, 1:34 pm

Does this happen on any other computers in your household (if you have them)?


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Thu 21 Apr 2011, 2:18 pm

No, this is on a laptop. Someone said to do a DNS flush or something of the like for the redirecting links of search engines.


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Fri 22 Apr 2011, 3:00 pm

Let's take a look at your DNS anyway with my tool...

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Double-click RenewMyDNS.exe to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete RenewMyDNS.exe


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Fri 22 Apr 2011, 3:20 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows [Version 6.0.6002]


``````````Network and DNS Information``````````



Windows IP Configuration

Host Name . . . . . . . . . . . . : Unggoy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-44-BA-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5e5:c7c7:7260:1bc2%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 21, 2011 12:24:36 PM
Lease Expires . . . . . . . . . . : Friday, April 22, 2011 12:24:34 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 268443451
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-55-BB-4D-00-1E-EC-34-45-38
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-34-1E-18-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.16.233.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Thursday, April 21, 2011 12:24:26 PM
Lease Expires . . . . . . . . . . : Friday, April 20, 2012 12:26:32 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{CDCD3827-53AD-49A3-A373-28131790A26E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:510:e965::510:e965(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4f:1dd2:3f57:fe99(Preferred)
Link-local IPv6 Address . . . . . : fe80::4f:1dd2:3f57:fe99%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


``````````Speed-test - Ping``````````


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=63ms TTL=55
Reply from 209.191.122.70: bytes=32 time=62ms TTL=55
Reply from 209.191.122.70: bytes=32 time=63ms TTL=55
Reply from 209.191.122.70: bytes=32 time=65ms TTL=55

Ping statistics for 209.191.122.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 65ms, Average = 63ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=28ms TTL=117
Reply from 64.202.189.170: bytes=32 time=25ms TTL=117
Reply from 64.202.189.170: bytes=32 time=25ms TTL=117
Reply from 64.202.189.170: bytes=32 time=27ms TTL=117

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 28ms, Average = 26ms

Pinging facebook.com [69.63.181.12] with 32 bytes of data:
Reply from 69.63.181.12: bytes=32 time=35ms TTL=245
Reply from 69.63.181.12: bytes=32 time=27ms TTL=245
Reply from 69.63.181.12: bytes=32 time=27ms TTL=245
Reply from 69.63.181.12: bytes=32 time=29ms TTL=245

Ping statistics for 69.63.181.12:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 35ms, Average = 29ms

Pinging google.com [74.125.224.211] with 32 bytes of data:
Reply from 74.125.224.211: bytes=32 time=18ms TTL=56
Reply from 74.125.224.211: bytes=32 time=17ms TTL=56
Reply from 74.125.224.211: bytes=32 time=17ms TTL=56
Reply from 74.125.224.211: bytes=32 time=19ms TTL=56

Ping statistics for 74.125.224.211:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 19ms, Average = 17ms


********************
EOF

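The DNS check this exchange is working toward, as an added example (not part of the original posts and not RenewMyDNS's own code): a Python parser for `ipconfig /all` text that lists each adapter's DNS servers and flags any that are neither that adapter's default gateway nor its DHCP server. The sample input is constructed; its second adapter and the 203.0.113.x resolvers are invented to show what a changed resolver looks like, and the function names are hypothetical.

```python
"""Review the DNS servers reported by `ipconfig /all` (added example)."""
import ipaddress
import re

# Constructed sample in the shape of the log above. The second adapter and
# its 203.0.113.x resolvers (a documentation range) are invented.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254

Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 203.0.113.53
                                    203.0.113.54
"""

# "Key . . . . : value" lines use dot leaders; adapter headers end in ":".
KV_LINE = re.compile(r"^\s*(.+?)\s*(?:\.\s)+:\s*(.*)$")
ADAPTER_LINE = re.compile(r"^\s*(\S.*\badapter\b.*):\s*$")

# Private, link-local and loopback ranges, listed explicitly.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fe80::/10", "fc00::/7", "::1/128")]


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last_key = None            # a blank line ends a multi-value field
            continue
        kv = KV_LINE.match(line)
        header = ADAPTER_LINE.match(line)
        if kv:
            if current is None:        # global section before any adapter
                continue
            last_key = kv.group(1)
            current[last_key] = [kv.group(2)] if kv.group(2) else []
        elif header:
            current = adapters.setdefault(header.group(1), {})
            last_key = None
        elif current is not None and last_key:
            current[last_key].append(line)   # second DNS server, and so on
    return adapters


def to_ip(value):
    """Parse an address value, dropping '(Preferred)' and IPv6 zone ids."""
    cleaned = re.sub(r"\(.*?\)|%\d+", "", value).strip()
    try:
        return ipaddress.ip_address(cleaned)
    except ValueError:
        return None


def review_dns(adapters):
    """List (adapter, dns_server, reason) for resolvers worth a second look."""
    findings = []
    for name, fields in adapters.items():
        trusted = {to_ip(v) for key in ("Default Gateway", "DHCP Server")
                   for v in fields.get(key, [])} - {None}
        for value in fields.get("DNS Servers", []):
            ip = to_ip(value)
            if ip is None:
                findings.append((name, value, "not an IP address"))
            elif ip in trusted:
                continue               # resolver is the router itself
            elif any(ip in net for net in LOCAL_NETS):
                findings.append((name, str(ip),
                                 "local address that is not the gateway or DHCP server"))
            else:
                findings.append((name, str(ip),
                                 "off-network resolver; confirm you or your ISP set it"))
    return findings


if __name__ == "__main__":
    for adapter, server, reason in review_dns(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{adapter}: {server} ({reason})")
```

A finding is a prompt to check the adapter and router settings, not a verdict: a public resolver the user chose on purpose is reported the same way as one set by malware.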

Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Sat 23 Apr 2011, 8:00 pm

Go to Start > Run, type in cmd and hit OK.

Copy and paste this phrase into the Command Prompt line:

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt


If you have trouble pasting it, right-click on the Command Prompt window and click Paste. Then, hit Enter.

Post the log that launches.


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Sat 23 Apr 2011, 10:26 pm

Nothing appeared in the log. Just blank.


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Mon 25 Apr 2011, 8:02 pm

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double-click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.]. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Tue 26 Apr 2011, 11:22 am

[You must be registered and logged in to see this link.]


Re: "invisible ads" playing in the background with no windows open

Post by DragonMaster Jay on Thu 28 Apr 2011, 2:54 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


~DMJ
GeekPolice Academy Manager

Re: "invisible ads" playing in the background with no windows open

Post by unggoy on Sun 01 May 2011, 5:54 am

ComboFix 11-04-29.04 - Unggoy 04/30/2011 11:29:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2271 [GMT -7:00]
Running from: c:\users\Unggoy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Unggoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk
c:\users\Unggoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk\Uninstall Windows Fix Disk.lnk
c:\users\Unggoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk\Windows Fix Disk.lnk
D:\install.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-29 08:22 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D1F3018-1167-4CB4-8F29-285C5802604F}\mpengine.dll
2011-04-27 23:19 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 23:19 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 23:18 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-24 00:28 . 2011-04-24 00:28 51488 ----a-w- c:\program files\Microsoft Games\Project S\rmdll\Final\RandomMap.dll
2011-04-24 00:28 . 2011-04-24 00:28 13600 ----a-w- c:\program files\Microsoft Games\Project S\rmdll\Final\RandomMapBinder.dll
2011-04-24 00:28 . 2011-04-24 00:28 19232 ----a-w- c:\program files\Microsoft Games\Project S\rmdll\Final\CLRBinder.dll
2011-04-24 00:04 . 2011-04-24 00:04 15648 ----a-w- c:\program files\Microsoft Games\Project S\XLiveDLC.dll
2011-04-24 00:04 . 2011-04-24 00:04 11756320 ----a-w- c:\program files\Microsoft Games\Project S\Spartan.exe
2011-04-24 00:04 . 2011-04-24 00:04 81998 ----a-w- c:\program files\Microsoft Games\Project S\RockallDLL.dll
2011-04-24 00:04 . 2011-04-24 00:04 746496 ----a-w- c:\program files\Microsoft Games\Project S\granny2.dll
2011-04-24 00:04 . 2011-04-24 00:04 73728 ----a-w- c:\program files\Microsoft Games\Project S\eulax.dll
2011-04-24 00:04 . 2011-04-24 00:04 153376 ----a-w- c:\program files\Microsoft Games\Project S\AOEOnlineReplace.exe
2011-04-24 00:04 . 2011-04-24 00:04 4160288 ----a-w- c:\program files\Microsoft Games\Project S\AOEOnline.exe
2011-04-24 00:03 . 2011-04-24 00:03 173408 ----a-w- c:\program files\Microsoft Games\Project S\pw32b.dll
2011-04-24 00:01 . 2008-10-15 13:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-04-24 00:01 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-04-24 00:01 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-04-17 05:15 . 2011-04-18 18:37 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-14 21:28 . 2011-04-14 21:28 -------- d-----w- c:\program files\ESET
2011-04-14 17:13 . 2011-04-14 17:13 -------- d-----w- c:\users\Unggoy\AppData\Roaming\Malwarebytes
2011-04-14 17:12 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 17:12 . 2011-04-14 17:12 -------- d-----w- c:\programdata\Malwarebytes
2011-04-14 17:12 . 2011-04-14 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 21:19 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-27 23:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 23:19 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 23:19 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 23:19 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 00:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 00:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 00:29 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-03 01:11 . 2009-10-03 02:37 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:43 . 2011-02-02 07:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 14:49 . 2011-03-22 08:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Unggoy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"TP CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-02-08 820872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ------w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 20:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 02:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 utm4ntg4;AVZ Kernel Driver;c:\windows\system32\Drivers\utm4ntg4.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-04 6656]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Unggoy\AppData\Roaming\Mozilla\Firefox\Profiles\m14p16vd.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2096)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-04-30 11:48:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 18:48
.
Pre-Run: 9,878,630,400 bytes free
Post-Run: 9,698,398,208 bytes free
.
- - End Of File - - B6FF068FBAEDF207A6B3E826F3AAC6F2
