Ads playing with no windows open

View previous topic View next topic Go down

Ads playing with no windows open

Post by mjkeenan89 on Sun Sep 11, 2011 8:00 pm

Hello,
This problem started a couple of days ago where ads will play on my computer with no source for them, just the sound. I saw a similar post on here but wanted to make sure I solved the problem for my computer. I have my OTL logs and my aswMBR log and was hoping to get some help. I also have run Malwarebytes, Spybot search and destroy, as well as my McAfee. Thank you for your help.

OTL logfile created on: 9/11/2011 1:34:16 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Sys Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.85% Memory free
3.85 Gb Paging File | 2.82 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 49.60 Gb Free Space | 53.24% Space Free | Partition Type: NTFS

Computer Name: SYS-963C6F48603 | User Name: Sys Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/11 13:33:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sys Admin\My Documents\Downloads\OTL.com
PRC - [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/07 17:28:58 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/07/13 09:58:00 | 001,312,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Sys Admin\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/07/21 15:07:18 | 000,962,048 | ---- | M] (Desksware) -- C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/10/07 12:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 14:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/06/28 21:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/09 16:02:32 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/19 11:39:12 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/14 14:23:43 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011/08/14 14:23:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/10 08:11:47 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 07:49:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 07:49:45 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 07:49:03 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 07:44:42 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/10 07:28:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/08/07 17:28:58 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/13 15:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/10/24 18:00:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/10/24 18:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/08/29 13:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2008/10/24 18:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/14 17:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/28 14:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/11/10 09:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 18:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uwc.ac.za/"
FF - prefs.js..network.proxy.backup.ftp: "192.102.9.33"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "192.102.9.33"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.102.9.33"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.102.9.33"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "192.102.9.33"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "192.102.9.33"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.102.9.33"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.102.9.33"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Sys Admin\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Sys Admin\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Sys Admin\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/31 13:02:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/05/11 16:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/13 11:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 16:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/23 13:53:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Sys Admin\Application Data\Move Networks [2009/12/03 00:32:51 | 000,000,000 | ---D | M]

[2009/10/06 18:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sys Admin\Application Data\Mozilla\Extensions
[2011/07/10 06:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sys Admin\Application Data\Mozilla\Firefox\Profiles\33cnn6xk.default\extensions
[2010/04/30 22:29:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sys Admin\Application Data\Mozilla\Firefox\Profiles\33cnn6xk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/30 14:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 09:02:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SYS ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\33CNN6XK.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2010/02/05 22:09:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/09 16:02:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 16:29:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/25 14:23:35 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/12/31 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110909182609.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Desktop iCalendar Lite.exe] C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe (Desksware)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Sys Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Sys Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6542A7A1-9714-464F-AE0D-BD51038D32F6}: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Sys Admin\ctfmon.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sys Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sys Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/23 18:15:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d9ef70f-a643-11e0-ba52-0019b9665a49}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9ef70f-a643-11e0-ba52-0019b9665a49}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d9ef70f-a643-11e0-ba52-0019b9665a49}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 13:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/09/11 12:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/11 12:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy1
[2011/09/11 10:54:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/11 10:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/11 10:54:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/11 10:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/09 12:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/08/23 14:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/23 14:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/23 13:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/23 13:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/23 13:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/23 12:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sys Admin\My Documents\Resume & Jobs
[2011/08/18 11:23:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 13:31:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/11 13:17:00 | 000,473,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/11 13:17:00 | 000,076,410 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/11 13:15:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/11 13:13:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2011/09/11 13:13:03 | 000,069,425 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/09/11 13:12:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/11 13:12:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/11 12:49:34 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Sys Admin\Desktop\Spybot - Search & Destroy.lnk
[2011/09/11 10:54:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/09 21:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/06 09:10:27 | 002,234,905 | ---- | M] () -- C:\Documents and Settings\Sys Admin\My Documents\Transcript_Stephanie_Turner.pdf
[2011/09/03 04:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 14:02:37 | 000,171,674 | ---- | M] () -- C:\Documents and Settings\Sys Admin\My Documents\form.pdf
[2011/09/02 12:39:24 | 000,171,633 | ---- | M] () -- C:\Documents and Settings\Sys Admin\My Documents\Fletcher Allen Clinical Evaluation 2011-1.pdf
[2011/09/01 09:26:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Sys Admin\Desktop\Microsoft Office Word 2007.lnk
[2011/08/30 20:09:03 | 000,069,425 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/08/25 20:28:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/23 14:02:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/23 13:52:55 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/23 12:17:48 | 000,006,020 | ---- | M] () -- C:\Documents and Settings\Sys Admin\Desktop\Unofficial transcript - Matthew Keenan.pdf
[2011/08/19 11:39:13 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 12:49:34 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Sys Admin\Desktop\Spybot - Search & Destroy.lnk
[2011/09/11 10:54:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/06 09:10:27 | 002,234,905 | ---- | C] () -- C:\Documents and Settings\Sys Admin\My Documents\Transcript_Stephanie_Turner.pdf
[2011/09/02 14:02:37 | 000,171,674 | ---- | C] () -- C:\Documents and Settings\Sys Admin\My Documents\form.pdf
[2011/09/02 12:39:23 | 000,171,633 | ---- | C] () -- C:\Documents and Settings\Sys Admin\My Documents\Fletcher Allen Clinical Evaluation 2011-1.pdf
[2011/08/23 14:02:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/23 13:52:55 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/23 13:31:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/18 19:52:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/08 12:33:37 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sys Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/29 16:36:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/03/29 16:36:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/03/29 16:36:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/03/29 16:27:01 | 000,035,741 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/12/13 23:00:39 | 000,056,356 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/10 00:09:23 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/10 00:09:23 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6BADE7A914.sys
[2009/10/06 17:59:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/26 22:36:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/03 13:31:43 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2009/07/03 13:31:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/03/20 10:05:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/20 10:05:14 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/03/20 10:05:13 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/02/24 11:34:14 | 000,069,425 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/02/23 18:44:25 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/02/23 18:44:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/23 18:44:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/23 18:44:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/02/23 18:44:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/23 18:44:19 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/02/23 18:44:13 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/02/23 18:44:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/02/23 18:44:11 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/02/23 18:17:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/23 18:12:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/23 11:04:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/23 11:03:24 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/12/31 18:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/12/31 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/12/31 18:00:00 | 000,473,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/12/31 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/12/31 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/12/31 18:00:00 | 000,076,410 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/12/31 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/12/31 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/12/31 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/12/31 18:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/12/31 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/12/31 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/09 16:02:34 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/09 16:02:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/09 16:02:30 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/09/08 12:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/16 15:16:12 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/02/23 18:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2011/08/24 11:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/24 12:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/05/11 16:16:36 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2011/08/23 13:56:20 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/16 10:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Catan GmbH
[2009/04/08 22:44:15 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2011/09/11 12:52:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/23 18:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/02/24 11:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/03/20 10:05:12 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/09/22 23:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\desksware
[2009/07/03 13:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo
[2010/06/21 09:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2010/06/24 12:39:36 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2011/03/31 22:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2011/05/11 16:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/05/11 16:15:41 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2011/08/07 18:15:29 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/08/11 23:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/08/23 14:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/08/23 14:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/07/12 09:01:54 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/08 12:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2011/08/07 17:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\League of Legends
[2010/06/24 12:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/06/24 12:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia Dreamweaver 8
[2009/04/16 18:18:55 | 000,000,000 | ---D | M] -- C:\Program Files\Magic Online
[2011/09/11 10:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/03 19:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/10/22 13:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/08/03 19:33:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/02/26 21:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/05/11 16:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/06/08 13:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Calculator Plus
[2009/02/23 18:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/07/28 09:46:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/24 05:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/12/03 18:30:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/08/04 21:51:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 10:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/09/09 18:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/12/04 09:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/02/23 18:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/23 18:12:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/05/11 16:16:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2009/12/03 10:58:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/02/26 21:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/02/23 18:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 07:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/08/07 17:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2011/08/23 13:53:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/12/04 09:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/02/24 11:45:02 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/08/26 22:33:30 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/03 19:19:49 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/11 12:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy1
[2010/06/06 10:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2009/02/23 18:20:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/24 21:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2011/07/11 02:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\VLC
[2010/07/15 21:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/07/16 01:25:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/26 21:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/23 18:14:36 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/04/16 18:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Wizards of the Coast
[2009/02/23 18:15:55 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2006/12/31 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/26 21:17:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/26 21:17:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/12/31 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/26 21:17:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/02/26 21:17:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/12/31 18:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/12/31 18:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/02/26 21:17:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/02/26 21:17:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/12/31 18:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/12/31 18:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-09 18:52:57

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/09 16:02:30 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/09 16:02:30 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/09 16:02:30 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/21 05:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/21 05:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/21 05:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 05:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/09 16:02:30 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/09 16:02:30 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/09 16:02:30 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/09 16:02:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/21 05:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/21 05:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/21 05:46:21 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/06/20 05:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by mjkeenan89 on Sun Sep 11, 2011 8:01 pm

OTL Extras logfile created on: 9/11/2011 1:34:16 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Sys Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.85% Memory free
3.85 Gb Paging File | 2.82 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 49.60 Gb Free Space | 53.24% Space Free | Partition Type: NTFS

Computer Name: SYS-963C6F48603 | User Name: Sys Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56251:TCP" = 56251:TCP:*:Enabled:Pando Media Booster
"56251:UDP" = 56251:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56251:TCP" = 56251:TCP:*:Enabled:Pando Media Booster
"56251:UDP" = 56251:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Documents and Settings\Sys Admin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Sys Admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = CU VPN Client 5.0.04.0300
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio
"{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}" = HP Deskjet 1050 J410 series Basic Device Software
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Battle.net" = Battle.net
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop iCalendar Lite_is1" = Desktop iCalendar Lite 1.9.3.0
"Diablo" = Diablo
"Diablo II" = Diablo II
"FileZilla Client" = FileZilla Client 3.3.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock Plus" = ObjectDock Plus
"PUBLISHERR" = Microsoft Office Publisher 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2011 9:45:21 AM | Computer Name = SYS-963C6F48603 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/9/2011 2:47:17 PM | Computer Name = SYS-963C6F48603 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.1.4259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2011 2:48:30 PM | Computer Name = SYS-963C6F48603 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.1.4259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2011 7:10:00 PM | Computer Name = SYS-963C6F48603 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
module unknown, version 0.0.0.0, fault address 0x20296425.

[ OSession Events ]
Error - 7/6/2010 6:45:57 PM | Computer Name = SYS-963C6F48603 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5237
seconds with 3300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/30/2011 2:10:24 PM | Computer Name = SYS-963C6F48603 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/30/2011 10:09:12 PM | Computer Name = SYS-963C6F48603 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/30/2011 10:09:12 PM | Computer Name = SYS-963C6F48603 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/31/2011 11:25:08 PM | Computer Name = SYS-963C6F48603 | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CDRW/DVD TSL462D' (IDE\CdRomTSSTcorp_CDRW/DVD_TSL462D_______________DE01____\5&71fea3a&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 9/1/2011 10:42:53 PM | Computer Name = SYS-963C6F48603 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.106. The machine with the IP address 192.168.1.101 did
not allow the name to be claimed by this machine.

Error - 9/1/2011 10:43:44 PM | Computer Name = SYS-963C6F48603 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.106. The machine with the IP address 192.168.1.101 did
not allow the name to be claimed by this machine.

Error - 9/4/2011 11:32:06 PM | Computer Name = SYS-963C6F48603 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 001A92B2161E.

Error - 9/6/2011 9:44:55 AM | Computer Name = SYS-963C6F48603 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 001A92B2161E.

Error - 9/8/2011 8:32:12 PM | Computer Name = SYS-963C6F48603 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 001A92B2161E.

Error - 9/11/2011 3:14:08 PM | Computer Name = SYS-963C6F48603 | Source = System Error | ID = 1003
Description = Error code 00000006, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.


< End of report >


I will post my aswMBR log when it has finished scanning soon.

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by mjkeenan89 on Sun Sep 11, 2011 8:12 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-11 13:54:58
-----------------------------
13:54:58.031 OS Version: Windows 5.1.2600 Service Pack 3
13:54:58.031 Number of processors: 2 586 0xF06
13:54:58.031 ComputerName: SYS-963C6F48603 UserName: Sys Admin
13:55:02.375 Initialize success
14:03:40.125 AVAST engine defs: 11091100
14:08:12.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:08:12.203 Disk 0 Vendor: Size: 0MB BusType: 0
14:08:14.218 Disk 0 MBR read successfully
14:08:14.218 Disk 0 MBR scan
14:08:14.265 Disk 0 MBR:Whistler-C [Rtk]
14:08:14.265 Disk 0 Whistler@MBR code has been found
14:08:14.265 Disk 0 MBR hidden
14:08:14.265 Disk 0 MBR [Whistler] **ROOTKIT**
14:08:14.296 Disk 0 scanning C:\WINDOWS\system32\drivers
14:08:24.500 Service scanning
14:08:25.703 Modules scanning
14:08:30.609 Disk 0 trace - called modules:
14:08:30.625 ntkrnlpa.exe >>UNKNOWN [0x89ec4a0a]<<
14:08:30.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa78ab8]
14:08:30.640 \Driver\Disk[0x8aac7218] -> IRP_MJ_READ -> 0x89ec4a0a
14:08:31.968 AVAST engine scan C:\WINDOWS
14:08:46.890 AVAST engine scan C:\WINDOWS\system32
14:10:27.156 AVAST engine scan C:\WINDOWS\system32\drivers
14:10:40.484 AVAST engine scan C:\Documents and Settings\Sys Admin
14:12:01.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sys Admin\Desktop\MBR.dat"
14:12:01.171 The log file has been saved successfully to "C:\Documents and Settings\Sys Admin\Desktop\aswMBR.txt"

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by Belahzur on Sun Sep 11, 2011 11:35 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by mjkeenan89 on Mon Sep 12, 2011 4:15 pm

The first scan found a virus which required a restart to cure which I did. Unfortunately I forgot to copy the name of the trojan before restarting. Thank you again for your help.


2011/09/12 10:13:19.0078 4784 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/12 10:13:19.0625 4784 ================================================================================
2011/09/12 10:13:19.0625 4784 SystemInfo:
2011/09/12 10:13:19.0625 4784
2011/09/12 10:13:19.0625 4784 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/12 10:13:19.0625 4784 Product type: Workstation
2011/09/12 10:13:19.0625 4784 ComputerName: SYS-963C6F48603
2011/09/12 10:13:19.0625 4784 UserName: Sys Admin
2011/09/12 10:13:19.0625 4784 Windows directory: C:\WINDOWS
2011/09/12 10:13:19.0625 4784 System windows directory: C:\WINDOWS
2011/09/12 10:13:19.0625 4784 Processor architecture: Intel x86
2011/09/12 10:13:19.0625 4784 Number of processors: 2
2011/09/12 10:13:19.0625 4784 Page size: 0x1000
2011/09/12 10:13:19.0625 4784 Boot type: Normal boot
2011/09/12 10:13:19.0625 4784 ================================================================================
2011/09/12 10:13:19.0656 4784 Initialize success
2011/09/12 10:13:37.0781 4756 ================================================================================
2011/09/12 10:13:37.0781 4756 Scan started
2011/09/12 10:13:37.0781 4756 Mode: Manual;
2011/09/12 10:13:37.0781 4756 ================================================================================
2011/09/12 10:13:38.0375 4756 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/12 10:13:38.0421 4756 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/12 10:13:38.0453 4756 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/12 10:13:38.0500 4756 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/12 10:13:38.0609 4756 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/09/12 10:13:38.0687 4756 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/12 10:13:38.0750 4756 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/12 10:13:38.0781 4756 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/12 10:13:38.0812 4756 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/12 10:13:38.0859 4756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/12 10:13:38.0906 4756 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/09/12 10:13:39.0015 4756 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/09/12 10:13:39.0078 4756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/12 10:13:39.0140 4756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/12 10:13:39.0171 4756 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/12 10:13:39.0218 4756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/12 10:13:39.0265 4756 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/12 10:13:39.0296 4756 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/12 10:13:39.0343 4756 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\WINDOWS\system32\drivers\cfwids.sys
2011/09/12 10:13:39.0453 4756 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/12 10:13:39.0484 4756 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/12 10:13:39.0593 4756 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/09/12 10:13:39.0640 4756 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/09/12 10:13:39.0718 4756 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/12 10:13:39.0765 4756 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/12 10:13:39.0843 4756 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/12 10:13:39.0875 4756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/12 10:13:39.0906 4756 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/12 10:13:39.0953 4756 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/09/12 10:13:39.0984 4756 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/12 10:13:40.0046 4756 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/12 10:13:40.0109 4756 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/12 10:13:40.0125 4756 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/12 10:13:40.0140 4756 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/12 10:13:40.0171 4756 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/12 10:13:40.0203 4756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/12 10:13:40.0218 4756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/12 10:13:40.0250 4756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/12 10:13:40.0281 4756 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/12 10:13:40.0312 4756 guardian2 (50113353ded9a0772741a1c6aa908fa7) C:\WINDOWS\system32\Drivers\oz776.sys
2011/09/12 10:13:40.0390 4756 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/12 10:13:40.0437 4756 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/12 10:13:40.0531 4756 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/09/12 10:13:40.0593 4756 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/09/12 10:13:40.0625 4756 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/12 10:13:40.0734 4756 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/12 10:13:40.0750 4756 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/12 10:13:40.0812 4756 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/12 10:13:40.0843 4756 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/12 10:13:40.0906 4756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/12 10:13:40.0937 4756 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/12 10:13:40.0968 4756 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/12 10:13:41.0015 4756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/12 10:13:41.0046 4756 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/12 10:13:41.0062 4756 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/12 10:13:41.0125 4756 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/12 10:13:41.0140 4756 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/12 10:13:41.0171 4756 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/12 10:13:41.0234 4756 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/09/12 10:13:41.0281 4756 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/12 10:13:41.0328 4756 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/12 10:13:41.0390 4756 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/09/12 10:13:41.0421 4756 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/09/12 10:13:41.0484 4756 mfebopk (52c40d19873528bd15823c969d3ad227) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/09/12 10:13:41.0515 4756 mfefirek (e37b98d49df546f4059483d49e349a53) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/09/12 10:13:41.0562 4756 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/09/12 10:13:41.0625 4756 mfendisk (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/09/12 10:13:41.0640 4756 mfendiskmp (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/09/12 10:13:41.0671 4756 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/09/12 10:13:41.0703 4756 mfetdi2k (8d1a44e1f46bcf4acfe9c701edd340e3) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/09/12 10:13:41.0734 4756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/12 10:13:41.0781 4756 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/12 10:13:41.0828 4756 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/12 10:13:41.0859 4756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/12 10:13:41.0906 4756 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/12 10:13:41.0937 4756 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/12 10:13:41.0984 4756 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/12 10:13:42.0031 4756 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/12 10:13:42.0078 4756 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/12 10:13:42.0109 4756 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/12 10:13:42.0140 4756 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/12 10:13:42.0171 4756 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/12 10:13:42.0203 4756 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/12 10:13:42.0250 4756 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/12 10:13:42.0328 4756 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/12 10:13:42.0375 4756 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/12 10:13:42.0406 4756 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/12 10:13:42.0453 4756 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/12 10:13:42.0468 4756 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/12 10:13:42.0515 4756 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/12 10:13:42.0562 4756 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/12 10:13:42.0609 4756 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/12 10:13:42.0656 4756 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/12 10:13:42.0687 4756 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/12 10:13:42.0703 4756 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/12 10:13:42.0734 4756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/12 10:13:42.0796 4756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/12 10:13:42.0937 4756 nv (5796a04ccc99542fdfb43f2accd803df) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/12 10:13:43.0046 4756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/12 10:13:43.0046 4756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/12 10:13:43.0093 4756 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/12 10:13:43.0125 4756 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/12 10:13:43.0140 4756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/12 10:13:43.0171 4756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/12 10:13:43.0187 4756 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/12 10:13:43.0218 4756 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/12 10:13:43.0250 4756 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/12 10:13:43.0375 4756 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/12 10:13:43.0421 4756 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/12 10:13:43.0468 4756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/12 10:13:43.0546 4756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/12 10:13:43.0593 4756 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/12 10:13:43.0609 4756 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/12 10:13:43.0625 4756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/12 10:13:43.0656 4756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/12 10:13:43.0671 4756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/12 10:13:43.0687 4756 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/12 10:13:43.0734 4756 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/12 10:13:43.0781 4756 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/12 10:13:43.0859 4756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/12 10:13:43.0890 4756 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/12 10:13:43.0906 4756 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/12 10:13:43.0937 4756 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/12 10:13:44.0000 4756 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/12 10:13:44.0062 4756 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/12 10:13:44.0078 4756 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/12 10:13:44.0109 4756 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/12 10:13:44.0234 4756 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/12 10:13:44.0296 4756 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/12 10:13:44.0375 4756 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/12 10:13:44.0406 4756 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/12 10:13:44.0500 4756 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/12 10:13:44.0546 4756 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/12 10:13:44.0578 4756 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/12 10:13:44.0593 4756 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/12 10:13:44.0640 4756 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/12 10:13:44.0703 4756 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/12 10:13:44.0796 4756 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/12 10:13:44.0859 4756 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/12 10:13:44.0921 4756 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/12 10:13:44.0968 4756 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/12 10:13:45.0031 4756 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/12 10:13:45.0093 4756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/12 10:13:45.0140 4756 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/12 10:13:45.0515 4756 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/12 10:13:45.0906 4756 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/12 10:13:46.0203 4756 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/12 10:13:46.0546 4756 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/12 10:13:46.0609 4756 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/12 10:13:46.0671 4756 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/12 10:13:46.0750 4756 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
2011/09/12 10:13:46.0812 4756 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/12 10:13:46.0859 4756 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/12 10:13:46.0906 4756 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/09/12 10:13:47.0015 4756 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/12 10:13:47.0078 4756 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/12 10:13:47.0109 4756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/12 10:13:47.0312 4756 Boot (0x1200) (7d88416066def7f6aa72acb9d7540dbb) \Device\Harddisk0\DR0\Partition0
2011/09/12 10:13:47.0312 4756 ================================================================================
2011/09/12 10:13:47.0312 4756 Scan finished
2011/09/12 10:13:47.0312 4756 ================================================================================
2011/09/12 10:13:47.0312 4728 Detected object count: 0
2011/09/12 10:13:47.0312 4728 Actual detected object count: 0

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by Belahzur on Fri Sep 16, 2011 1:12 am

Hi,


Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by mjkeenan89 on Fri Sep 16, 2011 6:52 pm

Here is the log from my ComboFix. Thank you again for your continued support.

ComboFix 11-09-16.01 - Sys Admin 09/16/2011 12:41:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1103 [GMT -6:00]
Running from: c:\documents and settings\Sys Admin\Desktop\PCHelpForum.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\windows\isRS-000.tmp
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))
.
.
2011-09-16 17:20 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{68D1407A-D836-4011-BFCD-109D2F8AB209}\mpengine.dll
2011-09-14 18:25 . 2011-08-19 21:56 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-09-11 18:49 . 2011-09-11 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy1
2011-09-11 16:54 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 16:54 . 2011-09-16 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 20:01 . 2011-08-23 20:01 -------- d-----w- c:\program files\iPod
2011-08-23 19:56 . 2011-08-23 19:56 -------- d-----w- c:\program files\Bonjour
2011-08-18 17:23 . 2011-08-19 17:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2007-01-01 00:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-15 16:00 . 2010-08-04 01:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 16:00 . 2010-08-04 01:33 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-08-15 16:00 . 2010-08-04 01:33 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 16:00 . 2010-08-04 01:33 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-08-15 16:00 . 2010-08-04 01:33 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 16:00 . 2010-08-04 01:33 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 16:00 . 2010-08-04 01:33 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 16:00 . 2010-08-04 01:33 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 16:00 . 2010-06-01 02:32 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 16:00 . 2010-06-01 02:32 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-08-12 02:44 . 2010-07-16 07:32 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2007-01-01 00:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 17:20 . 2011-07-12 17:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:20 . 2011-07-12 17:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2007-01-01 00:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 00:37 . 2011-07-06 00:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37 . 2011-07-06 00:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2009-02-24 00:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2007-01-01 00:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2007-01-01 00:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2007-01-01 00:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2007-01-01 00:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2007-01-01 00:00 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2007-01-01 00:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-09-09 22:02 . 2011-04-30 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 20:01 . 2010-08-04 01:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Sys Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Sys Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Sys Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Sys Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop iCalendar Lite.exe"="c:\program files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe" [2010-07-21 962048]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-07 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1312384]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Sys Admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Sys Admin\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Documents and Settings\\Sys Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56251:TCP"= 56251:TCP:Pando Media Booster
"56251:UDP"= 56251:UDP:Pando Media Booster
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/3/2010 7:33 PM 89624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/11/2011 10:54 AM 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/3/2010 7:33 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/3/2010 7:33 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/3/2010 7:33 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [8/3/2010 7:33 PM 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [8/3/2010 7:33 PM 148520]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/24/2009 9:59 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/3/2010 7:33 PM 57432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/11/2011 10:54 AM 22216]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/3/2010 7:33 PM 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/3/2010 7:33 PM 83688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/3/2010 7:33 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/3/2010 7:33 PM 87808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 19:34]
.
2011-09-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
FF - ProfilePath - c:\documents and settings\Sys Admin\Application Data\Mozilla\Firefox\Profiles\33cnn6xk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.ftp - 192.102.9.33
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.102.9.33
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.102.9.33
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.102.9.33
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.102.9.33
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Aim6 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-16 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1936)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-09-16 12:47:43
ComboFix-quarantined-files.txt 2011-09-16 18:47
.
Pre-Run: 56,304,492,544 bytes free
Post-Run: 56,927,612,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B93B41F2BFB8F6A0030C9B475B02DE28

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by Belahzur on Wed Sep 21, 2011 12:39 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by mjkeenan89 on Wed Sep 21, 2011 3:47 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=002ff58d05fadf44b34971016d78d15c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-21 04:30:37
# local_time=2011-09-20 10:30:37 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 57401554 57401554 0 0
# compatibility_mode=5121 16777173 100 75 0 16949496 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118878
# found=0
# cleaned=0
# scan_time=6205

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by Belahzur on Sat Sep 24, 2011 6:06 pm

Hello.
Just some programs need updating now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.5
    Java(TM) 6 Update 20
    Viewpoint Media Player

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Your Skype also needs updating, so please download the latest version from [You must be registered and logged in to see this link.]

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by mjkeenan89 on Mon Sep 26, 2011 2:25 am

Thank you very much for all the help you have provided. The sounds have stopped and the computer seems to be running smoother. Which of the programs I downloaded do you recommend that I keep and use regularly (and how often should I use them?). I will be making a donation for all the help you have provided, it was very much appreciated.

mjkeenan89
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2011-09-11
OS : XP SP3

View user profile

Back to top Go down

Re: Ads playing with no windows open

Post by Belahzur on Mon Sep 26, 2011 5:52 pm

Please delete the tools we used. Our tools are specially made and very powerful, but that also means very dangerous if used incorrectly.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum