Invisible windows that play audio ads


Post by classicgamer101 on Sun 26 Feb 2012, 10:17 am

Like the title says, I have been getting VERY ANNOYING ads. Not even sure when or how I got it. All I remember is that after I patched a game called League of Legends, my network started to get bogged down, and then this. I have had no issues with it before now.


LOGS

OTL Extras logfile created on: 2/25/2012 5:25:04 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Charles\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.74 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 44.61% Memory free
5.48 Gb Paging File | 3.22 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.56 Gb Total Space | 3.10 Gb Free Space | 5.13% Space Free | Partition Type: NTFS
Drive E: | 172.00 Gb Total Space | 3.42 Gb Free Space | 1.99% Space Free | Partition Type: HFS
Drive H: | 3.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAC | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86)
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0896A6-3DAA-44EE-8B6E-D81237A2D4EC}" = Enterasys NAC Assessment Agent
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"16E9B4B4A3817C38179BF7D6E12774E0432FD558" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/28/2010 6.6001.1.25)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"22BCABA490923565F42CF777F73DF7E58696F3C7" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (03/12/2010 6.6001.1.23)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"31BC243044B2C02B454ECDA8F5B44427F3754DD0" = Windows Driver Package - Apple Inc. Bluetooth (03/01/2010 3.0.0.5)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5A9DF61C17938C73DCC75C9B4B3A4DE3C74D38ED" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (02/11/2010 3.1.0.0)
"5D1F13EEF9A42CC17001EAFFC701D57AF8D13E9D" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (03/01/2010 3.1.0.3)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"60B5F87397EB801AB1BAB3E940CE0E077830B153" = Windows Driver Package - Apple Inc. Apple Multitouch (02/11/2010 3.1.0.0)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"84865EBF11DAD18A6FD975327C8DBD66D7090BAD" = Windows Driver Package - Apple Inc. Apple Keyboard (01/12/2010 3.1.0.2)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
"Akamai" = Akamai NetSession Interface Service
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"Browser Defender_is1" = Browser Defender 3.0
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Spyware Doctor" = Spyware Doctor 8.0
"Steam App 113200" = The Binding Of Isaac
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 0.9.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by classicgamer101 on Sun 26 Feb 2012, 10:23 am

OTL logfile created on: 2/25/2012 5:25:04 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Charles\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.74 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 44.61% Memory free
5.48 Gb Paging File | 3.22 Gb Available in Paging File | 58.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.56 Gb Total Space | 3.10 Gb Free Space | 5.13% Space Free | Partition Type: NTFS
Drive E: | 172.00 Gb Total Space | 3.42 Gb Free Space | 1.99% Space Free | Partition Type: HFS
Drive H: | 3.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAC | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 17:24:01 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Downloads\OTL.com
PRC - [2012/02/22 18:51:52 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com
PRC - [2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com_
PRC - [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Charles\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/06 13:42:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/11 22:00:58 | 000,525,112 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\Bootcamp.exe
PRC - [2010/11/11 22:00:58 | 000,193,848 | ---- | M] () -- C:\Windows\System32\AppleOSSMgr.exe
PRC - [2010/10/16 15:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 14:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/23 01:53:32 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\Windows\System32\AppleTimeSrv.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 18:51:49 | 014,415,144 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/02/22 18:51:43 | 000,857,896 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/02/22 18:51:42 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2012/02/22 18:51:42 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2012/02/22 18:51:42 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2012/02/16 09:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/06 21:45:35 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/01/26 12:49:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (W8335XP)
SRV - File not found [Auto | Stopped] -- -- (vstor2-ws60)
SRV - File not found [Auto | Stopped] -- -- (vmnetuserif)
SRV - File not found [Auto | Stopped] -- -- (spmd)
SRV - File not found [Auto | Stopped] -- -- (sleepy)
SRV - File not found [Auto | Stopped] -- -- (SE2Emdm)
SRV - File not found [Auto | Stopped] -- -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- -- (roxliveshare9)
SRV - File not found [Auto | Stopped] -- -- (PTDCVsp)
SRV - File not found [Auto | Stopped] -- -- (PSSdk21)
SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- -- (odysseyIM4)
SRV - File not found [Auto | Stopped] -- -- (NwSapAgent)
SRV - File not found [Auto | Stopped] -- -- (NSSvcMgr)
SRV - File not found [Auto | Stopped] -- -- (nisvcloc)
SRV - File not found [Auto | Stopped] -- -- (ndisip)
SRV - File not found [Auto | Stopped] -- -- (msvsmon90)
SRV - File not found [Auto | Stopped] -- -- (motmodem)
SRV - File not found [Auto | Stopped] -- -- (lxrsge10s)
SRV - File not found [Auto | Stopped] -- -- (i2omp)
SRV - File not found [Auto | Stopped] -- -- (EMCFILT)
SRV - File not found [Auto | Stopped] -- -- (dcstor32)
SRV - File not found [Auto | Stopped] -- -- (cwafrmiregistry)
SRV - File not found [Auto | Stopped] -- -- (bvrp_pci)
SRV - File not found [Auto | Stopped] -- -- (BRGSp50)
SRV - File not found [Auto | Stopped] -- -- (bocdrive)
SRV - File not found [Auto | Stopped] -- -- (agnwifi)
SRV - File not found [Auto | Stopped] -- -- (acermemusagecheckservice)
SRV - [2012/02/22 18:51:52 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/09 20:39:19 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/09 10:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/11 22:00:58 | 000,193,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2010/10/16 14:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/23 01:53:32 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\ALYac_PZSrv.dll -- (nvidesm)


========== Driver Services (SafeList) ==========

DRV - [2012/02/22 15:10:22 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/11 22:00:58 | 000,049,280 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2010/11/11 22:00:58 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2010/11/11 22:00:58 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/10/15 01:58:17 | 000,014,336 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CS420x86.sys -- (CirrusFilter)
DRV - [2010/10/15 01:57:05 | 000,029,824 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtp.sys -- (applemtp)
DRV - [2010/10/15 01:57:05 | 000,010,880 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtm.sys -- (applemtm)
DRV - [2010/09/22 14:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/07 15:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/23 01:43:53 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2010/03/23 01:43:50 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2010/03/23 00:46:14 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2010/01/28 02:54:39 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV - [2009/10/22 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/16 01:39:30 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/08/08 02:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\FireFox\ [2012/02/21 15:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 00:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 02:33:14 | 000,000,000 | ---D | M]

[2012/02/19 00:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2012/02/23 13:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/10 21:38:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/23 13:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/02/23 13:58:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/20 09:41:23 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Charles\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353D5B68-4846-46F3-B111-D831ACA12537}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED01314D-B00C-4FEF-8378-EC28D0DEB88B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/07 00:32:14 | 000,035,009 | R--- | M] () - H:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2011/12/07 00:32:14 | 001,510,400 | R--- | M] () - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/12/07 00:32:14 | 000,000,049 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6524d9e0-5624-11e0-9917-5c5948c7a9b0}\Shell - "" = AutoRun
O33 - MountPoints2\{6524d9e0-5624-11e0-9917-5c5948c7a9b0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: WUSB54Gv4SVC - File not found
NetSvcs: dcstor32 - File not found
NetSvcs: prfldsvc - File not found
NetSvcs: motmodem - File not found
NetSvcs: 3combootp - File not found
NetSvcs: sleepy - File not found
NetSvcs: sentinelprotectionserver - File not found
NetSvcs: acermemusagecheckservice - File not found
NetSvcs: msvsmon90 - File not found
NetSvcs: SE2Emdm - File not found
NetSvcs: W8335XP - File not found
NetSvcs: pavatscheduler - File not found
NetSvcs: nisvcloc - File not found
NetSvcs: agnwifi - File not found
NetSvcs: cwafrmiregistry - File not found
NetSvcs: EMCFILT - File not found
NetSvcs: i2omp - File not found
NetSvcs: NSSvcMgr - File not found
NetSvcs: nvidesm - C:\Windows\System32\ALYac_PZSrv.dll (Oak Technology Inc.)
NetSvcs: PSSdk21 - File not found
NetSvcs: spmd - File not found
NetSvcs: vstor2-ws60 - File not found
NetSvcs: bocdrive - File not found
NetSvcs: BRGSp50 - File not found
NetSvcs: PTDCVsp - File not found
NetSvcs: NwSapAgent - File not found
NetSvcs: lxrsge10s - File not found
NetSvcs: RR2IOMod - File not found
NetSvcs: CTSYN - File not found
NetSvcs: ndisip - File not found
NetSvcs: s3savagemx - File not found
NetSvcs: s616mdm - File not found
NetSvcs: vmnetuserif - File not found
NetSvcs: pdrframe - File not found
NetSvcs: roxliveshare9 - File not found
NetSvcs: bvrp_pci - File not found
NetSvcs: odysseyIM4 - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 14:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/23 13:59:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Threat Expert
[2012/02/23 13:59:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/23 13:59:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/23 13:59:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/23 00:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/02/23 00:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/02/22 15:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/02/22 15:10:22 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/02/22 15:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/02/22 15:09:23 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\DAEMON Tools Lite
[2012/02/22 15:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/02/21 15:56:02 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/21 15:56:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/21 15:56:01 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/21 12:06:33 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/21 12:06:33 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/21 12:06:32 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/21 12:06:32 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/21 12:06:23 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/21 12:06:23 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/21 12:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/21 12:06:15 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\PC Tools
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/21 11:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/19 07:47:09 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2012/02/19 07:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/19 07:41:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/19 07:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/18 17:43:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/18 17:14:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/02/18 17:14:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012/02/18 17:04:43 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/02/18 14:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/18 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe
[2012/02/18 14:40:02 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Adobe
[2012/02/11 12:40:22 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\WBFSManager
[2012/02/11 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\WBFS Manager Covers
[2012/02/11 12:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012/02/08 14:24:19 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Codemasters
[2012/02/08 14:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/02/04 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe-BackupByPhotoshopPortable
[2012/01/28 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Adobe-BackupByPhotoshopPortable
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/25 17:00:21 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3333819058-625823882-979430970-1000UA.job
[2012/02/25 16:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/25 16:36:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/25 16:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/25 15:56:02 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3333819058-625823882-979430970-1000Core.job
[2012/02/25 15:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/25 15:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/25 14:46:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/25 14:46:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/25 14:17:55 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/25 14:17:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/25 13:37:59 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/25 13:37:56 | 2207,195,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 12:36:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/25 12:36:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/25 11:36:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/25 11:36:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/25 11:21:33 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/25 11:11:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/25 09:42:37 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/25 09:42:36 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/25 08:46:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 08:46:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 21:38:51 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/23 21:38:51 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/23 17:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/23 17:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/23 13:58:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/23 13:58:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/23 13:58:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/23 13:58:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/23 11:16:12 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/23 11:16:12 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/23 10:53:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/23 10:49:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/23 10:49:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/23 10:48:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/23 10:48:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/23 10:48:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/23 10:48:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/23 10:48:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/23 10:48:57 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/23 10:48:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/22 23:50:40 | 362,164,848 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/22 23:38:45 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/22 23:37:35 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/22 22:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/22 22:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/22 20:36:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/22 20:36:24 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/22 19:37:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/22 19:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/22 15:12:04 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/02/22 15:11:30 | 001,419,312 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/22 15:10:22 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/02/21 18:38:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/21 18:38:37 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/21 12:06:19 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/21 11:57:52 | 000,512,992 | ---- | M] () -- C:\Users\Charles\Desktop\sdsetup_revwire207.exe
[2012/02/20 02:22:23 | 000,000,001 | ---- | M] () -- C:\ProgramData\WxSGKiWs.exe_.b
[2012/02/20 02:22:23 | 000,000,001 | ---- | M] () -- C:\ProgramData\WxSGKiWs.exe.b
[2012/02/19 07:41:08 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 00:40:52 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/18 17:14:20 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/18 14:57:48 | 000,172,899 | ---- | M] () -- C:\Users\Charles\Desktop\jared.jpg
[2012/02/18 14:09:31 | 002,288,128 | ---- | M] () -- C:\Users\Charles\Desktop\LeagueofLegends.exe
[2012/02/18 11:03:05 | 000,083,860 | ---- | M] () -- C:\Users\Charles\Desktop\sad-keanu-its-just-21373-1276650298-10.jpg
[2012/02/18 11:02:37 | 000,103,284 | ---- | M] () -- C:\Users\Charles\Desktop\sadjared.jpg
[2012/02/18 10:54:27 | 000,000,112 | ---- | M] () -- C:\ProgramData\FR82Mt.dat
[2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\ProgramData\WxSGKiWs.exe
[2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com_
[2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com
[2012/02/11 08:39:17 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 11:31:57 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/23 10:48:36 | 000,087,176 | ---- | C] () -- C:\Windows\System32\4FPEm0v.com
[2012/02/22 23:50:40 | 362,164,848 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/22 15:12:04 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/02/21 16:36:06 | 000,087,176 | ---- | C] () -- C:\Windows\System32\4FPEm0v.com_
[2012/02/21 15:56:03 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/21 15:56:02 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/21 15:56:02 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/21 15:56:02 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/21 15:56:02 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/21 12:07:16 | 001,419,312 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/21 12:06:19 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/21 11:58:02 | 000,512,992 | ---- | C] () -- C:\Users\Charles\Desktop\sdsetup_revwire207.exe
[2012/02/20 02:22:23 | 000,000,001 | ---- | C] () -- C:\ProgramData\WxSGKiWs.exe_.b
[2012/02/20 02:22:23 | 000,000,001 | ---- | C] () -- C:\ProgramData\WxSGKiWs.exe.b
[2012/02/20 02:22:09 | 000,087,176 | ---- | C] () -- C:\ProgramData\WxSGKiWs.exe
[2012/02/19 07:41:08 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 00:40:52 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/19 00:40:52 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/18 14:51:24 | 000,172,899 | ---- | C] () -- C:\Users\Charles\Desktop\jared.jpg
[2012/02/18 14:09:26 | 002,288,128 | ---- | C] () -- C:\Users\Charles\Desktop\LeagueofLegends.exe
[2012/02/18 11:03:04 | 000,083,860 | ---- | C] () -- C:\Users\Charles\Desktop\sad-keanu-its-just-21373-1276650298-10.jpg
[2012/02/18 11:02:20 | 000,103,284 | ---- | C] () -- C:\Users\Charles\Desktop\sadjared.jpg
[2012/02/18 10:52:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\FR82Mt.dat
[2012/02/18 10:52:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/02/18 10:52:45 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/02/18 10:52:44 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/02/18 10:52:43 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/02/18 10:52:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/02/18 10:52:42 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/02/18 10:52:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/02/18 10:52:41 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/02/18 10:52:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/02/18 10:52:39 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/02/18 10:52:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/02/18 10:52:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/02/18 10:52:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/02/18 10:52:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/02/18 10:52:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/02/18 10:52:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/02/18 10:52:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/02/18 10:52:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/02/18 10:52:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/02/18 10:52:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/02/18 10:52:31 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/02/18 10:52:31 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/02/18 10:52:30 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/02/18 10:52:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/02/18 10:52:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/02/18 10:52:28 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/02/18 10:52:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/02/18 10:52:26 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/02/18 10:52:26 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/02/18 10:52:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/02/18 10:52:25 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/02/18 10:52:24 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/02/18 10:52:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/02/18 10:52:23 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/02/18 10:52:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/02/18 10:52:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/02/18 10:52:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/02/18 10:52:21 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/02/18 10:52:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/02/18 10:52:19 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/02/18 10:52:19 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/02/18 10:52:18 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/02/18 10:52:17 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/02/18 10:52:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/02/18 10:52:16 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/02/18 10:52:15 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/02/18 10:52:14 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/02/18 10:52:11 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/02/11 08:39:17 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2012/02/08 11:18:16 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2011/09/26 21:07:43 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/09/26 21:07:43 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/09/26 21:07:43 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/07/11 09:15:46 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/11 09:15:46 | 000,138,056 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\PnkBstrK.sys
[2011/07/11 09:15:10 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/11 09:15:07 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011/07/11 09:15:07 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/22 01:49:30 | 000,005,120 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/05 16:47:43 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/01/06 16:26:04 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/06 16:26:04 | 000,000,088 | RHS- | C] () -- C:\ProgramData\28926C8C7D.sys
[2010/12/20 20:37:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/11 22:00:58 | 000,193,848 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2010/04/12 03:44:34 | 000,059,388 | ---- | C] () -- C:\Windows\System32\drivers\scdemu.sys
[2010/02/26 18:26:18 | 000,095,994 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/18 14:09:31 | 002,288,128 | ---- | M] () -- C:\Users\Charles\Desktop\LeagueofLegends.exe
[2011/10/20 20:26:00 | 000,270,142 | ---- | M] () -- C:\Users\Charles\Desktop\Minecraft.exe
[2008/10/23 19:12:10 | 000,056,105 | ---- | M] (PortableAppZ.blogspot.com) -- C:\Users\Charles\Desktop\PhotoshopCS4.exe
[2011/12/29 20:52:04 | 000,167,936 | ---- | M] (edx // SSG) -- C:\Users\Charles\Desktop\rmxpkegen.exe
[2012/02/21 11:57:52 | 000,512,992 | ---- | M] () -- C:\Users\Charles\Desktop\sdsetup_revwire207.exe
[2011/10/24 19:45:53 | 006,283,632 | ---- | M] (Microsoft Corporation) -- C:\Users\Charles\Desktop\Silverlight.exe
[2011/12/03 19:56:21 | 029,603,832 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Charles\Desktop\TeamSpeak3-Client-win32-3.0.2.exe
[2011/12/08 00:54:26 | 000,932,352 | ---- | M] () -- C:\Users\Charles\Desktop\Xpadder (Seven).exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/02/16 09:40:41 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/02/16 09:40:41 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/02/16 09:40:41 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by Superdave on Sun 26 Feb 2012, 1:15 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
You only have 5.13% of free space on your C drive. Windows requires at least 15% (9 Gb) in order to function properly. You should try to free up more space on that drive. You can do this by transferring important files, photos, movies and music to an external drive or DVDs.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

C:\Windows\tasks\At34.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At1.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At34.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At1.job

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
********************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 4:22 am

OTL logfile created on: 2/26/2012 12:15:47 PM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Charles\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.74 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 49.25% Memory free
5.48 Gb Paging File | 3.11 Gb Available in Paging File | 56.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.56 Gb Total Space | 14.88 Gb Free Space | 24.57% Space Free | Partition Type: NTFS
Drive E: | 172.00 Gb Total Space | 3.42 Gb Free Space | 1.99% Space Free | Partition Type: HFS
Drive H: | 3.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAC | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/25 17:24:01 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Downloads\OTL.com
PRC - [2012/02/22 18:51:52 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com
PRC - [2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com_
PRC - [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Charles\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\Charles\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/08/06 13:42:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/11 22:00:58 | 000,525,112 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\Bootcamp.exe
PRC - [2010/11/11 22:00:58 | 000,193,848 | ---- | M] () -- C:\Windows\System32\AppleOSSMgr.exe
PRC - [2010/10/16 15:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 14:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 03:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/23 01:53:32 | 000,099,640 | ---- | M] (Apple Inc.) -- C:\Windows\System32\AppleTimeSrv.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 18:51:49 | 014,415,144 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/02/22 18:51:43 | 000,857,896 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/02/22 18:51:42 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2012/02/22 18:51:42 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2012/02/22 18:51:42 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2012/02/16 09:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/01/26 12:49:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (W8335XP)
SRV - File not found [Auto | Stopped] -- -- (vstor2-ws60)
SRV - File not found [Auto | Stopped] -- -- (vmnetuserif)
SRV - File not found [Auto | Stopped] -- -- (spmd)
SRV - File not found [Auto | Stopped] -- -- (sleepy)
SRV - File not found [Auto | Stopped] -- -- (SE2Emdm)
SRV - File not found [Auto | Stopped] -- -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- -- (roxliveshare9)
SRV - File not found [Auto | Stopped] -- -- (PTDCVsp)
SRV - File not found [Auto | Stopped] -- -- (PSSdk21)
SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- -- (odysseyIM4)
SRV - File not found [Auto | Stopped] -- -- (NwSapAgent)
SRV - File not found [Auto | Stopped] -- -- (NSSvcMgr)
SRV - File not found [Auto | Stopped] -- -- (nisvcloc)
SRV - File not found [Auto | Stopped] -- -- (ndisip)
SRV - File not found [Auto | Stopped] -- -- (msvsmon90)
SRV - File not found [Auto | Stopped] -- -- (motmodem)
SRV - File not found [Auto | Stopped] -- -- (lxrsge10s)
SRV - File not found [Auto | Stopped] -- -- (i2omp)
SRV - File not found [Auto | Stopped] -- -- (EMCFILT)
SRV - File not found [Auto | Stopped] -- -- (dcstor32)
SRV - File not found [Auto | Stopped] -- -- (cwafrmiregistry)
SRV - File not found [Auto | Stopped] -- -- (bvrp_pci)
SRV - File not found [Auto | Stopped] -- -- (BRGSp50)
SRV - File not found [Auto | Stopped] -- -- (bocdrive)
SRV - File not found [Auto | Stopped] -- -- (agnwifi)
SRV - File not found [Auto | Stopped] -- -- (acermemusagecheckservice)
SRV - [2012/02/22 18:51:52 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/09 20:39:19 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/09 10:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/11 22:00:58 | 000,193,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2010/10/16 14:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/23 01:53:32 | 000,099,640 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\ALYac_PZSrv.dll -- (nvidesm)


========== Driver Services (SafeList) ==========

DRV - [2012/02/22 15:10:22 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/11 22:00:58 | 000,049,280 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2010/11/11 22:00:58 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2010/11/11 22:00:58 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2010/10/16 13:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/10/15 01:58:17 | 000,014,336 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CS420x86.sys -- (CirrusFilter)
DRV - [2010/10/15 01:57:05 | 000,029,824 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtp.sys -- (applemtp)
DRV - [2010/10/15 01:57:05 | 000,010,880 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\applemtm.sys -- (applemtm)
DRV - [2010/09/22 14:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/07 15:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/23 01:43:53 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2010/03/23 01:43:50 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2010/03/23 00:46:14 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2010/01/28 02:54:39 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV - [2009/10/22 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/16 01:39:30 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/08/08 02:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\FireFox\ [2012/02/21 15:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 00:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 02:33:14 | 000,000,000 | ---D | M]

[2012/02/19 00:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2012/02/25 19:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\k92dszrw.default\extensions
[2012/02/23 13:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/10 21:38:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/23 13:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CHARLES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K92DSZRW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/02/23 13:58:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/20 09:41:23 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Charles\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353D5B68-4846-46F3-B111-D831ACA12537}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED01314D-B00C-4FEF-8378-EC28D0DEB88B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/07 00:32:14 | 000,035,009 | R--- | M] () - H:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2011/12/07 00:32:14 | 001,510,400 | R--- | M] () - H:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/12/07 00:32:14 | 000,000,049 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6524d9e0-5624-11e0-9917-5c5948c7a9b0}\Shell - "" = AutoRun
O33 - MountPoints2\{6524d9e0-5624-11e0-9917-5c5948c7a9b0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 22:45:07 | 000,000,000 | ---D | C] -- C:\Users\Charles\Desktop\rule34splenderstuff
[2012/02/23 14:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/23 13:59:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Threat Expert
[2012/02/23 13:59:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/23 13:59:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/23 13:59:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/23 00:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/02/23 00:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/02/22 15:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/02/22 15:10:22 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/02/22 15:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/02/22 15:09:23 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\DAEMON Tools Lite
[2012/02/22 15:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/02/21 15:56:02 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/21 15:56:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/21 15:56:01 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/21 12:06:33 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/21 12:06:33 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/21 12:06:32 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/21 12:06:32 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/21 12:06:23 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/21 12:06:23 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/21 12:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/21 12:06:15 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\PC Tools
[2012/02/21 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/21 11:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/19 07:47:09 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2012/02/19 07:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/19 07:41:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/19 07:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/18 17:43:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/18 17:14:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/02/18 17:14:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012/02/18 17:04:43 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/02/18 14:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/02/18 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe
[2012/02/18 14:40:02 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Adobe
[2012/02/11 12:40:22 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\WBFSManager
[2012/02/11 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\WBFS Manager Covers
[2012/02/11 12:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012/02/08 14:24:19 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Codemasters
[2012/02/08 14:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/02/04 20:03:35 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\Adobe-BackupByPhotoshopPortable
[2012/01/28 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Adobe-BackupByPhotoshopPortable
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 12:13:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/26 12:13:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/26 12:13:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/26 12:13:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/26 12:13:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/26 12:13:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/26 12:13:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/26 12:13:18 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3333819058-625823882-979430970-1000UA.job
[2012/02/26 12:09:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 00:36:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/26 00:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/25 23:52:48 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\locf.sys
[2012/02/25 23:36:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/25 23:36:23 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/25 22:36:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/25 22:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/25 21:36:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/25 21:36:22 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/25 20:36:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/25 20:36:38 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/25 19:55:19 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/25 19:55:19 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/25 19:51:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/25 19:51:25 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/25 18:36:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/25 18:36:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/25 17:36:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/25 17:36:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/25 16:36:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/25 16:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/25 15:56:02 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3333819058-625823882-979430970-1000Core.job
[2012/02/25 15:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/25 15:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/25 14:46:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/25 14:46:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/25 14:17:55 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/25 14:17:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/25 13:37:59 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/25 13:37:56 | 2207,195,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 12:36:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/25 12:36:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/25 08:46:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 08:46:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 13:58:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/02/23 13:58:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/23 13:58:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/23 13:58:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/22 23:50:40 | 362,164,848 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/22 15:12:04 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/02/22 15:11:30 | 001,419,312 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/22 15:10:22 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/02/21 12:06:19 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/21 11:57:52 | 000,512,992 | ---- | M] () -- C:\Users\Charles\Desktop\sdsetup_revwire207.exe
[2012/02/20 02:22:23 | 000,000,001 | ---- | M] () -- C:\ProgramData\WxSGKiWs.exe_.b
[2012/02/20 02:22:23 | 000,000,001 | ---- | M] () -- C:\ProgramData\WxSGKiWs.exe.b
[2012/02/19 07:41:08 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 00:40:52 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/18 17:14:20 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/18 14:57:48 | 000,172,899 | ---- | M] () -- C:\Users\Charles\Desktop\jared.jpg
[2012/02/18 14:09:31 | 002,288,128 | ---- | M] () -- C:\Users\Charles\Desktop\LeagueofLegends.exe
[2012/02/18 11:03:05 | 000,083,860 | ---- | M] () -- C:\Users\Charles\Desktop\sad-keanu-its-just-21373-1276650298-10.jpg
[2012/02/18 11:02:37 | 000,103,284 | ---- | M] () -- C:\Users\Charles\Desktop\sadjared.jpg
[2012/02/18 10:54:27 | 000,000,112 | ---- | M] () -- C:\ProgramData\FR82Mt.dat
[2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\ProgramData\WxSGKiWs.exe
[2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com_
[2012/02/18 10:54:14 | 000,087,176 | ---- | M] () -- C:\Windows\System32\4FPEm0v.com
[2012/02/11 08:39:17 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/25 23:52:48 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\locf.sys
[2012/02/23 11:31:57 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/23 10:48:36 | 000,087,176 | ---- | C] () -- C:\Windows\System32\4FPEm0v.com
[2012/02/22 23:50:40 | 362,164,848 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/22 15:12:04 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/02/21 16:36:06 | 000,087,176 | ---- | C] () -- C:\Windows\System32\4FPEm0v.com_
[2012/02/21 15:56:03 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/21 15:56:02 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/21 15:56:02 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/21 15:56:02 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/21 15:56:02 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/21 12:07:16 | 001,419,312 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/21 12:06:19 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/21 11:58:02 | 000,512,992 | ---- | C] () -- C:\Users\Charles\Desktop\sdsetup_revwire207.exe
[2012/02/20 02:22:23 | 000,000,001 | ---- | C] () -- C:\ProgramData\WxSGKiWs.exe_.b
[2012/02/20 02:22:23 | 000,000,001 | ---- | C] () -- C:\ProgramData\WxSGKiWs.exe.b
[2012/02/20 02:22:09 | 000,087,176 | ---- | C] () -- C:\ProgramData\WxSGKiWs.exe
[2012/02/19 07:41:08 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/19 00:40:52 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/19 00:40:52 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/18 14:51:24 | 000,172,899 | ---- | C] () -- C:\Users\Charles\Desktop\jared.jpg
[2012/02/18 14:09:26 | 002,288,128 | ---- | C] () -- C:\Users\Charles\Desktop\LeagueofLegends.exe
[2012/02/18 11:03:04 | 000,083,860 | ---- | C] () -- C:\Users\Charles\Desktop\sad-keanu-its-just-21373-1276650298-10.jpg
[2012/02/18 11:02:20 | 000,103,284 | ---- | C] () -- C:\Users\Charles\Desktop\sadjared.jpg
[2012/02/18 10:52:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\FR82Mt.dat
[2012/02/18 10:52:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/02/18 10:52:45 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/02/18 10:52:44 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/02/18 10:52:43 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/02/18 10:52:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/02/18 10:52:42 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/02/18 10:52:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/02/18 10:52:41 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/02/18 10:52:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/02/18 10:52:39 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/02/18 10:52:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/02/18 10:52:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/02/18 10:52:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/02/18 10:52:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/02/18 10:52:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/02/18 10:52:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/02/18 10:52:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/02/18 10:52:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/02/18 10:52:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/02/18 10:52:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/02/18 10:52:31 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/02/18 10:52:31 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/02/18 10:52:30 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/02/18 10:52:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/02/18 10:52:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/02/18 10:52:28 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/02/18 10:52:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/02/18 10:52:26 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/02/18 10:52:26 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/02/18 10:52:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/02/18 10:52:25 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/02/18 10:52:24 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/02/18 10:52:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/02/18 10:52:23 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/02/18 10:52:22 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/02/18 10:52:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/02/18 10:52:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/02/18 10:52:21 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/02/18 10:52:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/02/18 10:52:19 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/02/18 10:52:19 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/02/18 10:52:18 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/02/18 10:52:17 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/02/18 10:52:17 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/02/18 10:52:16 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/02/18 10:52:15 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/02/18 10:52:14 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/02/18 10:52:11 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/02/11 08:39:17 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2012/02/08 11:18:16 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2011/09/26 21:07:43 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/09/26 21:07:43 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/09/26 21:07:43 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/07/11 09:15:46 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/11 09:15:46 | 000,138,056 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\PnkBstrK.sys
[2011/07/11 09:15:10 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/11 09:15:07 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011/07/11 09:15:07 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/22 01:49:30 | 000,005,120 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/05 16:47:43 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/01/06 16:26:04 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/06 16:26:04 | 000,000,088 | RHS- | C] () -- C:\ProgramData\28926C8C7D.sys
[2010/12/20 20:37:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/11 22:00:58 | 000,193,848 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2010/04/12 03:44:34 | 000,059,388 | ---- | C] () -- C:\Windows\System32\drivers\scdemu.sys
[2010/02/26 18:26:18 | 000,095,994 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

========== Custom Scans ==========


< :OTL >

< >

< C:\Windows\tasks\At34.job >
[2012/02/25 16:36:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job

< C:\Windows\tasks\At33.job >
[2012/02/25 16:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job

< C:\Windows\tasks\At32.job >
[2012/02/25 15:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job

< C:\Windows\tasks\At31.job >
[2012/02/25 15:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job

< C:\Windows\tasks\At30.job >
[2012/02/25 14:46:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job

< C:\Windows\tasks\At29.job >
[2012/02/25 14:46:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job

< C:\Windows\tasks\At28.job >
[2012/02/25 14:17:55 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job

< C:\Windows\tasks\At27.job >
[2012/02/25 14:17:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job

< C:\Windows\tasks\At26.job >
[2012/02/25 12:36:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job

< C:\Windows\tasks\At25.job >
[2012/02/25 12:36:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job

< C:\Windows\tasks\At24.job >
[2012/02/26 12:13:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job

< C:\Windows\tasks\At23.job >
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job

< C:\Windows\tasks\At21.job >
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job

< C:\Windows\tasks\At22.job >
[2012/02/26 12:13:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job

< C:\Windows\tasks\At19.job >
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job

< C:\Windows\tasks\At20.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job

< C:\Windows\tasks\At44.job >
[2012/02/25 21:36:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job

< C:\Windows\tasks\At43.job >
[2012/02/25 21:36:22 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job

< C:\Windows\tasks\At36.job >
[2012/02/25 17:36:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job

< C:\Windows\tasks\At35.job >
[2012/02/25 17:36:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job

< C:\Windows\tasks\At6.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job

< C:\Windows\tasks\At4.job >
[2012/02/26 12:13:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job

< C:\Windows\tasks\At10.job >
[2012/02/26 12:13:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job

< C:\Windows\tasks\At8.job >
[2012/02/26 12:13:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job

< C:\Windows\tasks\At2.job >
[2012/02/26 00:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job

< C:\Windows\tasks\At18.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job

< C:\Windows\tasks\At16.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job

< C:\Windows\tasks\At14.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job

< C:\Windows\tasks\At12.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job

< C:\Windows\tasks\At9.job >
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job

< C:\Windows\tasks\At7.job >
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job

< C:\Windows\tasks\At5.job >
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job

< C:\Windows\tasks\At3.job >
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job

< C:\Windows\tasks\At17.job >
[2012/02/26 12:13:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job

< C:\Windows\tasks\At15.job >
[2012/02/26 12:13:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job

< C:\Windows\tasks\At13.job >
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job

< C:\Windows\tasks\At11.job >
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job

< C:\Windows\tasks\At1.job >
[2012/02/26 00:36:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job

< C:\Windows\tasks\At48.job >
[2012/02/25 23:36:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job

< C:\Windows\tasks\At47.job >
[2012/02/25 23:36:23 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job

< C:\Windows\tasks\At46.job >
[2012/02/25 22:36:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job

< C:\Windows\tasks\At45.job >
[2012/02/25 22:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job

< C:\Windows\tasks\At42.job >
[2012/02/25 20:36:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job

< C:\Windows\tasks\At41.job >
[2012/02/25 20:36:38 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job

< C:\Windows\tasks\At40.job >
[2012/02/25 19:51:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job

< C:\Windows\tasks\At39.job >
[2012/02/25 19:51:25 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job

< C:\Windows\tasks\At38.job >
[2012/02/25 18:36:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job

< C:\Windows\tasks\At37.job >
[2012/02/25 18:36:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 4:24 am


< C:\Windows\tasks\At48.job >
[2012/02/25 23:36:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At48.job

< C:\Windows\tasks\At47.job >
[2012/02/25 23:36:23 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job

< C:\Windows\tasks\At46.job >
[2012/02/25 22:36:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At46.job

< C:\Windows\tasks\At45.job >
[2012/02/25 22:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job

< C:\Windows\tasks\At44.job >
[2012/02/25 21:36:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At44.job

< C:\Windows\tasks\At43.job >
[2012/02/25 21:36:22 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job

< C:\Windows\tasks\At42.job >
[2012/02/25 20:36:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At42.job

< C:\Windows\tasks\At41.job >
[2012/02/25 20:36:38 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job

< C:\Windows\tasks\At40.job >
[2012/02/25 19:51:25 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job

< C:\Windows\tasks\At39.job >
[2012/02/25 19:51:25 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job

< C:\Windows\tasks\At38.job >
[2012/02/25 18:36:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At38.job

< C:\Windows\tasks\At37.job >
[2012/02/25 18:36:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job

< C:\Windows\tasks\At36.job >
[2012/02/25 17:36:17 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At36.job

< C:\Windows\tasks\At34.job >
[2012/02/25 16:36:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job

< C:\Windows\tasks\At35.job >
[2012/02/25 17:36:17 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job

< C:\Windows\tasks\At33.job >
[2012/02/25 16:36:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job

< C:\Windows\tasks\At32.job >
[2012/02/25 15:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At32.job

< C:\Windows\tasks\At31.job >
[2012/02/25 15:36:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job

< C:\Windows\tasks\At30.job >
[2012/02/25 14:46:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At30.job

< C:\Windows\tasks\At29.job >
[2012/02/25 14:46:06 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job

< C:\Windows\tasks\At28.job >
[2012/02/25 14:17:55 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At28.job

< C:\Windows\tasks\At27.job >
[2012/02/25 14:17:55 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job

< C:\Windows\tasks\At26.job >
[2012/02/25 12:36:16 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At26.job

< C:\Windows\tasks\At25.job >
[2012/02/25 12:36:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job

< C:\Windows\tasks\At24.job >
[2012/02/26 12:13:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job

< C:\Windows\tasks\At23.job >
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job

< C:\Windows\tasks\At22.job >
[2012/02/26 12:13:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job

< C:\Windows\tasks\At20.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job

< C:\Windows\tasks\At21.job >
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job

< C:\Windows\tasks\At18.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job

< C:\Windows\tasks\At19.job >
[2012/02/26 12:13:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job

< C:\Windows\tasks\At17.job >
[2012/02/26 12:13:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job

< C:\Windows\tasks\At16.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job

< C:\Windows\tasks\At15.job >
[2012/02/26 12:13:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job

< C:\Windows\tasks\At14.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job

< C:\Windows\tasks\At13.job >
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job

< C:\Windows\tasks\At12.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job

< C:\Windows\tasks\At11.job >
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job

< C:\Windows\tasks\At10.job >
[2012/02/26 12:13:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job

< C:\Windows\tasks\At8.job >
[2012/02/26 12:13:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job

< C:\Windows\tasks\At9.job >
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job

< C:\Windows\tasks\At7.job >
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job

< C:\Windows\tasks\At6.job >
[2012/02/26 12:13:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job

< C:\Windows\tasks\At5.job >
[2012/02/26 12:13:30 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job

< C:\Windows\tasks\At4.job >
[2012/02/26 12:13:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job

< C:\Windows\tasks\At3.job >
[2012/02/26 12:13:29 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job

< C:\Windows\tasks\At2.job >
[2012/02/26 00:36:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job

< C:\Windows\tasks\At1.job >
[2012/02/26 00:36:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job

< >

< :COMMANDS >

< [resethosts] >

< [purity] >

< [start explorer] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 4:25 am

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

Database version: v2012.02.25.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Charles :: MAC [administrator]

Protection: Enabled

2/25/2012 11:40:25 PM
mbam-log-2012-02-25 (23-40-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175048
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\ALYac_PZSrv.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\ALYac_PZSrv.dll (RootKit.0Access.H) -> Delete on reboot.

(end)


Re: Invisible windows that play audio ads

Post by Superdave on Mon 27 Feb 2012, 5:18 am

I didn't ask for a scan with OTL. Please go back and follow the directions I've provided.

It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


how-to-reformat-and-reinstall-your-operating-system-the-easy-way

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

Superdave
Tech Staff


Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 5:34 am

Yeah, I would love to see if you can attempt to clean it because I do not have the option of reformatting right now. Also, to your green text saying you didn't ask for an OTL scan....

"* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

C:\Windows\tasks\At34.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At1.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At34.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At1.job

:COMMANDS
[resethosts]
[purity]
[start explorer]



* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply."

Also, here is the SUPERAntiSpyware report:

SUPERAntiSpyware Scan Log

Generated 02/26/2012 at 12:57 PM

Application Version : 5.0.1144

Core Rules Database Version : 8279
Trace Rules Database Version: 6091

Scan type : Quick Scan
Total Scan Time : 00:08:05

Operating System Information
Windows 7 Ultimate 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 734
Memory threats detected : 0
Registry items scanned : 27707
Registry threats detected : 0
File items scanned : 7725
File threats detected : 0

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by Superdave on Mon 27 Feb 2012, 5:51 am

As for the OTL, please follow the instructions I've provided. After you copy and paste the contents you must click Run Fix.

Also, please run DDS and post both logs.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console



Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Superdave
Tech Staff


Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 6:07 am

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Charles at 14:02:36 on 2012-02-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2807.1046 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Users\Charles\AppData\Local\Akamai\netsession_win.exe
C:\Users\Charles\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Charles\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\4FPEm0v.com
C:\Windows\system32\4FPEM0~1.COM
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\4FPEm0v.com
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mSearchAssistant = [You must be registered and logged in to see this link.]
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\charles\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Akamai NetSession Interface] "c:\users\charles\appdata\local\akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Apple_KbdMgr] c:\program files\boot camp\Bootcamp.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lolrec~1.lnk - c:\program files\lolreplay\LOLRecorder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nacass~1.lnk - c:\program files\enterasys networks\nac agent\NacAgent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{353D5B68-4846-46F3-B111-D831ACA12537} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ED01314D-B00C-4FEF-8378-EC28D0DEB88B} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ED01314D-B00C-4FEF-8378-EC28D0DEB88B}\7516E6D27716E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ED01314D-B00C-4FEF-8378-EC28D0DEB88B}\853525A523 : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{ED01314D-B00C-4FEF-8378-EC28D0DEB88B}\86165737230393D27657563747 : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\charles\appdata\roaming\mozilla\firefox\profiles\k92dszrw.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\charles\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\charles\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\charles\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;c:\windows\system32\drivers\AppleHFS.sys [2010-11-11 49280]
R0 AppleMNT;AppleMNT;c:\windows\system32\drivers\AppleMNT.sys [2010-11-11 6784]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-19 343664]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-2-21 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-2-21 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-2-21 656320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-22 242240]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2010-11-11 193848]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2010-3-23 99640]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-2-21 247760]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2010-11-11 6528]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-3-23 12928]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-19 652360]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-10-22 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-10-22 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-19 70728]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-2-21 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-2-21 1150936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\drivers\AppleBtBc.sys [2010-12-7 18432]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [2010-12-8 10880]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [2010-12-8 29824]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-12-7 260648]
R3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\drivers\CS420x86.sys [2010-12-8 14336]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2010-12-7 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2010-12-7 23552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-19 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-15 123496]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S2 BRGSp50;Webrootadminconsole;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-10-22 146448]
S2 pavatscheduler;Symdns;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-8 12032]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-19 91672]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-19 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-19 65448]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-9 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-26 17:47:12 -------- d-----w- c:\users\charles\appdata\roaming\SUPERAntiSpyware.com
2012-02-26 17:45:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-26 17:45:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-23 18:59:52 -------- d-----w- c:\users\charles\appdata\local\Threat Expert
2012-02-23 18:59:23 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-02-23 15:48:36 87176 ----a-w- c:\windows\system32\4FPEm0v.com
2012-02-23 05:14:20 -------- d-----w- c:\programdata\IObit
2012-02-23 05:14:19 -------- d-----w- c:\program files\IObit
2012-02-22 20:10:22 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-22 20:10:11 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-02-22 20:09:23 -------- d-----w- c:\users\charles\appdata\roaming\DAEMON Tools Lite
2012-02-22 20:09:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-21 21:36:06 87176 ----a-w- c:\windows\system32\4FPEm0v.com_
2012-02-21 20:56:03 767952 ----a-w- c:\windows\BDTSupport.dll
2012-02-21 20:56:02 2000848 ----a-w- c:\windows\PCTBDCore.dll
2012-02-21 20:56:02 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-02-21 20:56:01 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-02-21 17:06:33 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-02-21 17:06:33 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-02-21 17:06:32 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-02-21 17:06:32 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-02-21 17:06:23 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-02-21 17:06:23 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-02-21 17:06:15 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-02-21 17:06:07 -------- d-----w- c:\users\charles\appdata\roaming\PC Tools
2012-02-21 17:06:07 -------- d-----w- c:\program files\PC Tools Security
2012-02-21 17:06:07 -------- d-----w- c:\program files\common files\PC Tools
2012-02-21 16:58:02 -------- d-----w- c:\programdata\PC Tools
2012-02-20 07:22:09 87176 ----a-w- c:\programdata\WxSGKiWs.exe
2012-02-19 12:47:09 -------- d-----w- c:\users\charles\appdata\roaming\Malwarebytes
2012-02-19 12:41:08 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 12:41:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 12:41:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 22:14:19 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-02-18 22:14:19 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-02-18 22:04:43 -------- d-----w- C:\Riot Games
2012-02-18 19:40:03 -------- d-----w- c:\users\charles\appdata\local\Adobe
2012-02-11 17:40:22 -------- d-----w- c:\users\charles\appdata\local\WBFSManager
2012-02-11 17:39:08 -------- d-----w- c:\program files\WBFS
2012-02-08 19:24:19 -------- d-----w- c:\programdata\Codemasters
2012-02-08 16:18:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-06 17:56:44 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2a3e6002-2066-4e70-aa99-0d03257d8f6a}\mpengine.dll
2012-02-05 01:03:35 -------- d-----w- c:\users\charles\appdata\local\Adobe-BackupByPhotoshopPortable
2012-01-29 00:01:52 -------- d-----w- c:\users\charles\appdata\roaming\Adobe-BackupByPhotoshopPortable
.
==================== Find3M ====================
.
2012-02-23 18:58:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 02:45:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-01 08:50:26 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-01 08:50:25 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-30 01:56:41 1890 --sha-w- c:\programdata\KGyGaAvL.sys
.
============= FINISH: 14:06:27.72 ===============

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 6:08 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 12/8/2010 5:39:46 AM
System Uptime: 2/26/2012 12:31:49 PM (2 hours ago)
.
Motherboard: Apple Inc. | | Mac-F222BEC8
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 61 GiB total, 15.768 GiB free.
D: is CDROM ()
E: is FIXED (HFS) - 172 GiB total, 3.422 GiB free.
F: is Removable
G: is CDROM ()
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
Baldur's Gate(TM) II - Shadows of Amn(TM)
Boot Camp Services
Browser Defender 3.0
D3DX10
DAEMON Tools Lite
Dual-Core Optimizer
Enterasys NAC Assessment Agent
Google Talk Plugin
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
League of Legends
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Agent
McAfee VirusScan Enterprise
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Morrowind
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA 3D Vision Driver 260.99
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA HD Audio Driver 1.1.9.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
PowerISO
PunkBuster Services
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype Toolbars
Skype™ 5.3
Spyware Doctor 8.0
Steam
SUPERAntiSpyware
System Requirements Lab CYRI
TeamSpeak 3 Client
TES Construction Set
The Binding Of Isaac
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Visual C++ 2008 Runtime (x86)
VLC media player 0.9.2
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (03/01/2010 3.1.0.3)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (01/12/2010 3.1.0.2)
Windows Driver Package - Apple Inc. Apple Multitouch (02/11/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (02/11/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)
Windows Driver Package - Apple Inc. Bluetooth (03/01/2010 3.0.0.5)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258)
Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (03/12/2010 6.6001.1.23)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/28/2010 6.6001.1.25)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26)
Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/26/2012 2:05:42 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
2/26/2012 12:47:40 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/26/2012 12:41:14 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
2/26/2012 12:36:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/26/2012 12:36:48 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2012 12:36:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/26/2012 12:36:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/26/2012 12:36:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
2/26/2012 12:35:11 PM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
2/26/2012 12:33:03 PM, Error: Service Control Manager [7023] - The TMKEmu service terminated with the following error: The specified module could not be found.
2/26/2012 12:33:02 PM, Error: Service Control Manager [7023] - The Z800bus service terminated with the following error: The specified module could not be found.
2/26/2012 12:33:02 PM, Error: Service Control Manager [7023] - The Ptilink service terminated with the following error: The specified module could not be found.
2/26/2012 12:33:02 PM, Error: Service Control Manager [7023] - The Mcontrol service terminated with the following error: The specified module could not be found.
2/26/2012 12:33:01 PM, Error: Service Control Manager [7023] - The Pivotmou service terminated with the following error: The specified module could not be found.
2/26/2012 12:33:01 PM, Error: Service Control Manager [7023] - The MS1000 service terminated with the following error: The specified module could not be found.
2/26/2012 12:33:01 PM, Error: Service Control Manager [7023] - The InterBaseGuardian service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:59 PM, Error: Service Control Manager [7023] - The Tvichw32 service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:59 PM, Error: Service Control Manager [7023] - The Roxmediadb service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:59 PM, Error: Service Control Manager [7023] - The IntuitUpdateService service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:59 PM, Error: Service Control Manager [7023] - The Adminserver service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The Wg5n service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The Symdns service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The Sprtsvc_smartagent service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The S616mdfl service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The Pdlndtdl service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The Lxrsge10s service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The DfwWebAgent service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:58 PM, Error: Service Control Manager [7023] - The Arkbcfltr service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:55 PM, Error: Service Control Manager [7023] - The EIO service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:54 PM, Error: Service Control Manager [7023] - The Tiumfwl service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:54 PM, Error: Service Control Manager [7023] - The Ood2000 service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:54 PM, Error: Service Control Manager [7023] - The NMSAccessU service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:54 PM, Error: Service Control Manager [7023] - The DCamUSBDXGTech service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:54 PM, Error: Service Control Manager [7023] - The Cpqdfw service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:54 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2/26/2012 12:32:52 PM, Error: Service Control Manager [7023] - The Webrootadminconsole service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:52 PM, Error: Service Control Manager [7023] - The Toside service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:52 PM, Error: Service Control Manager [7023] - The Ivscheduler service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:52 PM, Error: Service Control Manager [7023] - The IntelC52 service terminated with the following error: The specified module could not be found.
2/26/2012 12:32:52 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/26/2012 12:18:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
2/26/2012 12:17:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SensrSvc service.
2/26/2012 12:17:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
2/25/2012 9:49:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
2/25/2012 7:51:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
2/25/2012 4:59:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
2/25/2012 10:21:52 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
2/24/2012 2:33:21 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
2/23/2012 9:50:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
2/23/2012 5:36:31 PM, Error: Service Control Manager [7023] - The Tvichw32 service terminated with the following error: The specified procedure could not be found.
2/23/2012 5:21:33 PM, Error: Service Control Manager [7023] - The Pdlndtdl service terminated with the following error: The specified procedure could not be found.
2/23/2012 5:06:41 PM, Error: Service Control Manager [7023] - The Pivotmou service terminated with the following error: The specified procedure could not be found.
2/23/2012 4:51:32 PM, Error: Service Control Manager [7023] - The Cpqdfw service terminated with the following error: The specified procedure could not be found.
2/23/2012 4:36:34 PM, Error: Service Control Manager [7023] - The Ptilink service terminated with the following error: The specified procedure could not be found.
2/23/2012 4:21:35 PM, Error: Service Control Manager [7023] - The Ood2000 service terminated with the following error: The specified procedure could not be found.
2/23/2012 4:06:37 PM, Error: Service Control Manager [7023] - The Toside service terminated with the following error: The specified procedure could not be found.
2/23/2012 3:42:50 PM, Error: Service Control Manager [7023] - The DCamUSBDXGTech service terminated with the following error: The specified procedure could not be found.
2/23/2012 2:29:57 PM, Error: Service Control Manager [7023] - The Webrootadminconsole service terminated with the following error: The specified procedure could not be found.
2/23/2012 2:13:59 PM, Error: Service Control Manager [7023] - The Ivscheduler service terminated with the following error: The specified procedure could not be found.
2/23/2012 12:04:33 PM, Error: Service Control Manager [7023] - The Sprtsvc_smartagent service terminated with the following error: The specified procedure could not be found.
2/23/2012 11:49:26 AM, Error: Service Control Manager [7023] - The Symdns service terminated with the following error: The specified procedure could not be found.
2/23/2012 11:34:31 AM, Error: Service Control Manager [7023] - The EIO service terminated with the following error: The specified procedure could not be found.
2/23/2012 11:19:25 AM, Error: Service Control Manager [7023] - The Mcontrol service terminated with the following error: The specified procedure could not be found.
2/23/2012 11:18:26 AM, Error: Service Control Manager [7023] - The Roxmediadb service terminated with the following error: The specified procedure could not be found.
2/23/2012 10:47:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/23/2012 1:57:55 PM, Error: Service Control Manager [7023] - The IntuitUpdateService service terminated with the following error: The specified procedure could not be found.
2/23/2012 1:42:54 PM, Error: Service Control Manager [7023] - The S616mdfl service terminated with the following error: The specified procedure could not be found.
2/22/2012 9:40:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
2/22/2012 9:40:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7034] - The MS1000 service terminated unexpectedly. It has done this 1 time(s).
2/22/2012 9:38:05 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/22/2012 9:38:05 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 6:54:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/22/2012 6:54:49 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/22/2012 11:50:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
2/22/2012 11:50:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83292ea5, 0x89f3b9a0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
2/21/2012 6:39:35 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
2/21/2012 6:37:10 PM, Error: Service Control Manager [7023] - The Wg5n service terminated with the following error: The specified procedure could not be found.
2/21/2012 6:22:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/21/2012 4:55:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xaae04ab8, 0x00000002, 0x00000000, 0x834743e4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022112-28423-01.
2/21/2012 2:34:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xac78b420, 0x00000002, 0x00000000, 0x834a03e4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022112-23025-01.
2/21/2012 12:14:43 PM, Error: Service Control Manager [7034] - The DfwWebAgent service terminated unexpectedly. It has done this 1 time(s).
2/20/2012 6:15:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8324fea5, 0x88d139a0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-30903-01.
2/20/2012 5:15:11 AM, Error: Service Control Manager [7023] - The InterBaseGuardian service terminated with the following error: The specified procedure could not be found.
2/20/2012 4:28:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x8242d190, 0x00000002, 0x00000000, 0x8345f3e4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-32604-01.
2/20/2012 4:24:31 AM, Error: Service Control Manager [7023] - The Z800bus service terminated with the following error: The specified procedure could not be found.
2/20/2012 4:10:30 AM, Error: Service Control Manager [7023] - The Arkbcfltr service terminated with the following error: The specified procedure could not be found.
2/20/2012 3:25:24 PM, Error: Service Control Manager [7023] - The IntelC52 service terminated with the following error: The specified procedure could not be found.
2/20/2012 3:21:08 AM, Error: Service Control Manager [7023] - The Adminserver service terminated with the following error: The specified procedure could not be found.
2/20/2012 3:13:06 AM, Error: Service Control Manager [7023] - The Tiumfwl service terminated with the following error: The specified procedure could not be found.
2/20/2012 2:34:07 AM, Error: Service Control Manager [7023] - The NMSAccessU service terminated with the following error: The specified procedure could not be found.
2/20/2012 2:33:15 AM, Error: Service Control Manager [7023] - The Lxrsge10s service terminated with the following error: The specified procedure could not be found.
.
==== End Of File ===========================

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7

Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 6:28 am

nvr mind

Re: Invisible windows that play audio ads

Post by classicgamer101 on Mon 27 Feb 2012, 7:44 am

ComboFix 12-02-25.02 - Charles 02/26/2012 15:19:42.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2807.1941 [GMT -5:00]
Running from: c:\users\Charles\Desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Charles\AppData\Local\.#
c:\windows\$NtUninstallKB24161$\1215043085\@
c:\windows\$NtUninstallKB24161$\1215043085\cfg.ini
c:\windows\$NtUninstallKB24161$\1215043085\Desktop.ini
c:\windows\$NtUninstallKB24161$\1215043085\L\xadqgnnk
c:\windows\$NtUninstallKB24161$\1215043085\oemid
c:\windows\$NtUninstallKB24161$\1215043085\U\00000001.@
c:\windows\$NtUninstallKB24161$\1215043085\U\00000002.@
c:\windows\$NtUninstallKB24161$\1215043085\U\00000004.@
c:\windows\$NtUninstallKB24161$\1215043085\U\80000000.@
c:\windows\$NtUninstallKB24161$\1215043085\U\80000004.@
c:\windows\$NtUninstallKB24161$\1215043085\U\80000032.@
c:\windows\$NtUninstallKB24161$\1215043085\version
c:\windows\$NtUninstallKB24161$\2769492836
C:\Install.exe
c:\programdata\WxSGKiWs.exe
c:\users\Charles\AppData\Local\.#\MBX@9B0@17519C0.###
c:\users\Charles\AppData\Local\.#\MBX@B58@17419C0.###
c:\users\Charles\AppData\Local\.#\MBX@B88@1F19C0.###
c:\users\Charles\AppData\Local\.#\MBX@E64@16C19C0.###
c:\windows\$NtUninstallKB24161$ . . . . Failed to delete
c:\windows\$NtUninstallKB24161$\1215043085\cfg.ini
.
c:\windows\system32\drivers\SCDEmu.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NwSapAgent
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 20:33 . 2012-02-26 20:37 -------- d-----w- c:\users\Charles\AppData\Local\temp
2012-02-26 17:47 . 2012-02-26 17:47 -------- d-----w- c:\users\Charles\AppData\Roaming\SUPERAntiSpyware.com
2012-02-26 17:45 . 2012-02-26 17:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-26 17:45 . 2012-02-26 17:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-23 19:00 . 2012-02-23 19:00 -------- d-----w- c:\program files\Common Files\Java
2012-02-23 18:59 . 2012-02-23 18:59 -------- d-----w- c:\users\Charles\AppData\Local\Threat Expert
2012-02-23 18:59 . 2012-02-23 18:58 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-23 05:14 . 2012-02-23 05:14 -------- d-----w- c:\programdata\IObit
2012-02-23 05:14 . 2012-02-23 05:14 -------- d-----w- c:\program files\IObit
2012-02-22 20:10 . 2012-02-22 20:10 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-22 20:10 . 2012-02-22 20:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-02-22 20:09 . 2012-02-22 20:13 -------- d-----w- c:\users\Charles\AppData\Roaming\DAEMON Tools Lite
2012-02-22 20:09 . 2012-02-22 20:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-21 20:56 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll
2012-02-21 20:56 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-02-21 20:56 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2012-02-21 20:56 . 2011-01-07 19:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-02-21 17:06 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-02-21 17:06 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-02-21 17:06 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-02-21 17:06 . 2010-12-16 13:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-02-21 17:06 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-02-21 17:06 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-02-21 17:06 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-02-21 17:06 . 2012-02-26 17:33 -------- d-----w- c:\program files\PC Tools Security
2012-02-21 17:06 . 2012-02-21 17:13 -------- d-----w- c:\program files\Common Files\PC Tools
2012-02-21 17:06 . 2012-02-21 17:06 -------- d-----w- c:\users\Charles\AppData\Roaming\PC Tools
2012-02-21 16:58 . 2012-02-21 17:06 -------- d-----w- c:\programdata\PC Tools
2012-02-19 12:47 . 2012-02-19 12:47 -------- d-----w- c:\users\Charles\AppData\Roaming\Malwarebytes
2012-02-19 12:41 . 2012-02-19 12:41 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 12:41 . 2012-02-19 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 12:41 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 22:43 . 2012-02-18 22:43 -------- d-----w- c:\windows\Sun
2012-02-18 22:14 . 2008-07-12 13:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-02-18 22:14 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-02-18 22:04 . 2012-02-18 22:04 -------- d-----w- C:\Riot Games
2012-02-18 19:40 . 2012-02-18 19:40 -------- d-----w- c:\users\Charles\AppData\Local\Adobe
2012-02-11 17:40 . 2012-02-11 17:40 -------- d-----w- c:\users\Charles\AppData\Local\WBFSManager
2012-02-11 17:39 . 2012-02-23 05:05 -------- d-----w- c:\program files\WBFS
2012-02-08 19:24 . 2012-02-08 19:24 -------- d-----w- c:\programdata\Codemasters
2012-02-08 16:18 . 2012-02-26 19:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-06 17:56 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A3E6002-2066-4E70-AA99-0D03257D8F6A}\mpengine.dll
2012-02-05 01:03 . 2012-02-05 01:03 -------- d-----w- c:\users\Charles\AppData\Local\Adobe-BackupByPhotoshopPortable
2012-01-29 00:01 . 2012-02-05 01:03 -------- d-----w- c:\users\Charles\AppData\Roaming\Adobe-BackupByPhotoshopPortable
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 18:58 . 2010-12-25 10:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 05:21 . 2010-12-08 03:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-07 02:45 . 2011-06-18 19:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-01 08:50 . 2011-12-10 18:49 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-01 08:50 . 2011-12-10 18:49 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-30 01:56 . 2011-01-06 21:26 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-16 14:40 . 2012-02-19 05:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-06 1242448]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Akamai NetSession Interface"="c:\users\Charles\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2010-11-12 525112]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-12-08 233936]
.
c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
NAC Assessment Agent.lnk - c:\program files\Enterasys Networks\NAC Agent\NacAgent.exe [2011-5-24 18162552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-08 12032]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1343400]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-22 242240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2010-11-12 193848]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2010-03-23 99640]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2010-11-12 6528]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-03-23 12928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2010-01-28 18432]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2010-10-15 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2010-10-15 29824]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x86.sys [2010-10-15 14336]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2009-10-16 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2010-03-23 23552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WUSB54Gv4SVC
dcstor32
prfldsvc
motmodem
3combootp
sleepy
sentinelprotectionserver
acermemusagecheckservice
msvsmon90
SE2Emdm
W8335XP
pavatscheduler
nisvcloc
agnwifi
cwafrmiregistry
EMCFILT
i2omp
NSSvcMgr
nvidesm
cpuidlep
PSSdk21
spmd
vstor2-ws60
bocdrive
BRGSp50
PTDCVsp
lxrsge10s
RR2IOMod
CTSYN
ndisip
s3savagemx
s616mdm
vmnetuserif
pdrframe
roxliveshare9
bvrp_pci
odysseyIM4
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\At1.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At10.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At11.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At12.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At13.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At14.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At15.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At16.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At17.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At18.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At19.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At2.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At20.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At21.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At22.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At23.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At24.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At25.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At26.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At27.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At28.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At29.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At3.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At30.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At31.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At32.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-25 c:\windows\Tasks\At33.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\At34.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-25 c:\windows\Tasks\At35.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\At36.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-25 c:\windows\Tasks\At37.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\At38.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At39.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At4.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At40.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At41.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At42.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At43.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At44.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At45.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At46.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At47.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At48.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At5.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At6.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At7.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At8.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At9.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333819058-625823882-979430970-1000Core.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 14:35]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333819058-625823882-979430970-1000UA.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 14:35]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\k92dszrw.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,5b,af,e1,02,d7,01,4b,99,60,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,5b,af,e1,02,d7,01,4b,99,60,48,\
.
[HKEY_USERS\S-1-5-21-3333819058-625823882-979430970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3333819058-625823882-979430970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3333819058-625823882-979430970-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,83,e1,ad,e1,e1,d1,3f,66,ac,c4,0a,3f,f7,8a,26,3e,76,90,fd,8f,
b4,85,7b,1f,51,1c,bb,ba,5f,f2,56,cb,50,82,4b,c6,75,3d,1d,da,72,20,d4,e9,c9,\
"rkeysecu"=hex:d0,cf,f0,1f,10,33,96,fc,48,5a,f6,9d,62,54,72,2b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\4FPEM0~1.COM
.
**************************************************************************
.
Completion time: 2012-02-26 15:43:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 20:43
.
Pre-Run: 16,708,141,056 bytes free
Post-Run: 17,288,630,272 bytes free
.
- - End Of File - - AB2AA85024D0701592C29F2C36551DD7

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by Superdave on Mon 27 Feb 2012, 12:49 pm

Is this an Apple computer?

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Invisible windows that play audio ads

Post by classicgamer101 on Tue 28 Feb 2012, 4:29 pm

It is an Apple running Boot Camp for Windows. I hope that's not an issue.

classicgamer101

Newbie Surfer

Posts : 11
Joined : 2012-02-26
Operating System : 7


Re: Invisible windows that play audio ads

Post by Superdave on Wed 29 Feb 2012, 6:32 am

Quote:
it is an apple running boot camp for windows. I hope that's not an issue.

It could be a major issue. I've never run up against such a configuration. But, let's forge ahead and see what happens. I presume that you have the Windows 7 OS disk?
Have there been any changes on your computer since we've started?


Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
Code:
:filefind
SCDEmu.sys

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
********************************************************
Re-running ComboFix to remove infections:

[LIST]
[*]Close any open browsers.
[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[*]Open notepad and copy/paste the text in the quotebox below into it:

KillAll::
File::

2012-02-26 c:\windows\Tasks\At1.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At10.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At11.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At12.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At13.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At14.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At15.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At16.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At17.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At18.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At19.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At2.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At20.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At21.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At22.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At23.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At24.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At25.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At26.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At27.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At28.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At29.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At3.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At30.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At31.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At32.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-25 c:\windows\Tasks\At33.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\At34.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-25 c:\windows\Tasks\At35.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\At36.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-25 c:\windows\Tasks\At37.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-25 c:\windows\Tasks\At38.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At39.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At4.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At40.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At41.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At42.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At43.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At44.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At45.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At46.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At47.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At48.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At5.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At6.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At7.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]
.
2012-02-26 c:\windows\Tasks\At8.job
- c:\windows\system32\4FPEm0v.com_ [2012-02-21 15:54]
.
2012-02-26 c:\windows\Tasks\At9.job
- c:\windows\system32\4FPEm0v.com [2012-02-26 15:54]

[*]Save this as CFScript.txt, in the same location as ComboFix.exe



[*]Referring to the picture above, drag CFScript into ComboFix.exe
[*]When finished, it shall produce a log for you at C:\ComboFix.txt
[*]Please post the contents of the log in your next reply.
[/LIST]

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
