Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Random music(radio) plays and pop ups start showing up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 13th, 2010, 7:38 pm

Help the subject says it all :(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:20 PM, on 10/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\idt\intelel_v104\wdm\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\MOZILL~1\plugins\WebEx\924\atmgr.exe
C:\PROGRA~1\MOZILL~1\plugins\WebEx\924\CiscoWebexWebService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\MOZILL~1\plugins\WebEx\924\atmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://morsepoetry.blogspot.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/51.23/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9907889774
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebe ... eatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelel_v104\wdm\STacSV.exe

--
End of file - 11324 bytes


The uninstall log
2007 Microsoft Office system
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG 9.0
Bonjour
Brother MFL-Pro Suite MFC-495CW
CCScore
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
FaceFilter Studio Brother Edition
Google Chrome
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IDT Audio
Image Resizer Powertoy for Windows XP
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections 13.0.44.0
Intel® Matrix Storage Manager
InterVideo WinDVD
iTunes
Java(TM) 6 Update 21
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KODAK Gallery Upload Software
KSU
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
netbrdg
Notifier
OfotoXMI
PaperPort Image Printer
PCDADDIN
PCDHELP
Prevx
QuickTime
Safari
ScanSoft PaperPort 11
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SKIN0001
SKINXSDK
Skype Toolbars
Skype™ 4.2
staticcr
tooltips
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VPRINTOL
WebEx
WIRELESS
Yahoo! Messenger
Yahoo! Toolbar

Thanks in advance
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm
Advertisement
Register to Remove

Re: Random music(radio) plays and pop ups start showing up

Unread postby askey127 » October 15th, 2010, 3:48 pm

Hi ssrcobra,
You have too many Antivirus apps running. That will cause all kinds of trouble.
I'm not sure yet whether Prevx is interfering as well.
Please proceed:
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight this Entry, and choose Remove :

AVG 9.0

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two,Three or Four
  • Double click on Rkill.
  • A command window will open, then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue. If you cannot get one of the downloads to work for you, try one of the other links.
If you cannot get Rkill to run without being stopped, don't proceed further, and post back to tell me about it.
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • XP : Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
      See image below
      Image
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 15th, 2010, 9:00 pm

I did everything you had said and it all went off good , see the log below
GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-15 17:58:17
Windows 5.1.2600 Service Pack 3
Running: 4upusdql.exe; Driver: C:\DOCUME~1\Jennifer\LOCALS~1\Temp\fwgdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0x98B95F60]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x98B95AF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x989DECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0x989DEBAC]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x98B95B40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0x98B95F10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0x989DF160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0x989DF08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x989DE782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0x989DEC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x989DE6C2]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0x98B95CD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x989DE726]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x98B95BE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0x989DEDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x989DF22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0x989DED66]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x98B95AA0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0x989DEEE6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0x98B95E80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x98B96630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x98B95C80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x98B96000]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x989EBBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x989EB9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x989EBB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP 989EBB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AE 7 Bytes JMP 989EB9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC51E 5 Bytes JMP 989E75D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA2 5 Bytes JMP 989E8FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP 989EBBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00297940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] ntdll.dll!NtCreateSection 7C90D160 5 Bytes JMP 00297A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 002978D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] ntdll.dll!NtOpenSection 7C90D610 5 Bytes JMP 00297B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 00297B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 00297090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] kernel32.dll!OutputDebugStringA 7C85AC7C 5 Bytes JMP 00297D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00296ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00292740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00292720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00296AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00297800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00296E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00296D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00296C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00296DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 002969D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00296CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00296C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00296D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] ADVAPI32.dll!CredEnumerateW 77E18071 7 Bytes JMP 00296FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00296F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00292890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00292950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 002928D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00292910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00292850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00292760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WININET.dll!HttpSendRequestExW 771CE9C1 5 Bytes JMP 002927F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00292790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WININET.dll!HttpSendRequestW 77212EBC 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 002927C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1408] WININET.dll!HttpSendRequestExA 77212FC1 5 Bytes JMP 00292820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] ntdll.dll!NtCreateSection 7C90D160 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] ntdll.dll!NtOpenSection 7C90D610 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] kernel32.dll!OutputDebugStringA 7C85AC7C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] ADVAPI32.dll!CredEnumerateW 77E18071 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WININET.dll!HttpSendRequestExW 771CE9C1 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WININET.dll!InternetWriteFile 771F8BB9 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WININET.dll!HttpSendRequestW 77212EBC 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WININET.dll!HttpSendRequestW 77212EBC 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[1472] WININET.dll!HttpSendRequestExA 77212FC1 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1540] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\fla37.tmp 1099912 bytes

---- EOF - GMER 1.0.15 ----
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm

Re: Random music(radio) plays and pop ups start showing up

Unread postby askey127 » October 16th, 2010, 6:59 am

ssrcobra,
That's a good result.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Prevx

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, Under the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
    Use separate replies if you wish.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 16th, 2010, 5:56 pm

OTL

OTL logfile created on: 10/16/2010 2:48:16 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Jennifer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 275.12 Gb Free Space | 92.30% Space Free | Partition Type: NTFS

Computer Name: YOUR-499E1445F2 | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 14:46:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\My Documents\Downloads\OTL.exe
PRC - [2010/10/13 15:27:58 | 000,173,368 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\WebEx\924\atmgr.exe
PRC - [2010/09/14 15:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/06 15:27:27 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/09/06 15:27:27 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/09/06 15:27:27 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/10/24 11:44:34 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/07/09 23:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/05/22 02:32:06 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelEL_v104\WDM\stacsv.exe
PRC - [2008/05/22 02:31:16 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/24 05:00:58 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2007/02/20 03:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/16 14:46:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\My Documents\Downloads\OTL.exe
MOD - [2010/10/13 15:26:21 | 000,115,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\WebEx\924\atasnt40.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/22 02:32:06 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\IntelEL_v104\WDM\stacsv.exe -- (STacSV)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/06/10 20:15:38 | 006,021,184 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/22 02:32:48 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/05/07 15:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/29 01:09:56 | 000,108,032 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/15 02:16:44 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/27 21:42:12 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/20 19:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://morsepoetry.blogspot.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/19 07:21:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/14 09:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/13 15:26:25 | 000,000,000 | ---D | M]

[2010/10/03 12:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Extensions
[2010/10/03 12:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/16 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\15q06gty.default\extensions
[2010/10/15 08:25:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\15q06gty.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/16 10:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/03 12:43:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/14 09:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/12/19 07:22:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/09/06 15:33:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/14 15:59:59 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/14 16:00:00 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/10/13 15:26:22 | 000,101,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/10/13 15:26:11 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/14 16:00:01 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/10/12 12:50:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/09/14 13:41:42 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/14 13:41:42 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/29 21:38:43 | 000,002,273 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/09/14 13:41:42 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/14 13:41:42 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/14 13:41:42 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/14 13:41:42 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/14 13:41:42 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/51.23/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9907889774 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebe ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/04 07:45:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 16:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/14 09:35:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\webex
[2010/10/13 15:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/13 14:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\skypePM
[2010/10/13 14:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Skype
[2010/10/13 14:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/13 14:48:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/13 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/10/13 12:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/13 12:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/13 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/13 12:47:13 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/10/13 12:47:13 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/10/13 12:47:13 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/10/13 12:47:13 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/10/13 12:47:12 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/10/13 12:47:12 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/10/13 12:47:12 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/10/13 12:47:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/13 12:47:01 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/10/13 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/13 12:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/12 12:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/12 10:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/03 12:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Mozilla
[2010/09/24 14:36:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/09/24 06:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/16 14:44:07 | 000,302,440 | ---- | M] () -- C:\logfile
[2010/10/16 14:39:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/16 14:38:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/16 14:38:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 13:52:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/15 21:14:03 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office Excel 2007.lnk
[2010/10/13 16:50:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/13 15:50:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/13 15:08:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\HijackThis.lnk
[2010/10/13 14:49:38 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/13 12:47:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/13 12:47:53 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/13 12:47:13 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/13 07:09:58 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/12 12:51:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/12 12:50:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/12 12:47:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/12 12:47:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/12 11:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/06 16:39:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Hi Babe.doc
[2010/10/03 12:43:15 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/03 12:43:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/03 12:03:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/03 12:01:42 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/30 10:18:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/23 12:03:59 | 003,244,032 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/09/23 12:03:59 | 001,620,992 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/13 15:08:56 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\HijackThis.lnk
[2010/10/13 14:49:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/13 14:48:57 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/13 12:47:53 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/13 12:47:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/13 12:47:27 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 12:47:27 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/13 12:47:13 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/13 07:09:58 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/12 12:51:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/12 12:50:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 16:39:47 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\Hi Babe.doc
[2010/10/03 12:43:15 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/03 12:43:15 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/03 12:01:42 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/30 10:18:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/13 14:08:39 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/06/13 14:08:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/06/13 14:08:32 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/13 14:08:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/06/13 14:08:15 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/06/13 14:05:52 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/06/06 19:02:45 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 17:58:52 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\setup.txt
[2008/12/05 10:13:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/04 08:37:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/04 08:37:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/04 08:37:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/04 08:37:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/04 08:37:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/04 08:37:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/04 07:59:54 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/12/04 02:35:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/13 12:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/15 16:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/07/11 16:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/29 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/07/06 18:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2010/06/13 15:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/02 08:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/25 12:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/16 14:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Dropbox
[2008/12/05 08:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\InterVideo
[2010/07/06 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\ScanSoft
[2010/10/16 14:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\webex
[2010/07/06 18:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Zeon

========== Purity Check ==========



< End of report >
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm

Re: Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 16th, 2010, 5:58 pm

EXtras
OTL Extras logfile created on: 10/16/2010 2:48:16 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Jennifer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 275.12 Gb Free Space | 92.30% Space Free | Partition Type: NTFS

Computer Name: YOUR-499E1445F2 | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Brother\Brmfl08l\FAXRX.exe" = C:\Program Files\Brother\Brmfl08l\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries Ltd.)
"C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.44.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2010 3:06:46 PM | Computer Name = YOUR-499E1445F2 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/24 12:06:46.625]: [00003912]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.100]

Error - 9/24/2010 3:07:55 PM | Computer Name = YOUR-499E1445F2 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/24 12:07:55.625]: [00003912]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.100]

Error - 9/24/2010 3:09:04 PM | Computer Name = YOUR-499E1445F2 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/24 12:09:04.625]: [00003912]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.100]

Error - 9/24/2010 3:10:13 PM | Computer Name = YOUR-499E1445F2 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/24 12:10:13.625]: [00003912]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.100]

Error - 9/24/2010 3:10:18 PM | Computer Name = YOUR-499E1445F2 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/09/24 12:10:18.187]: [00003912]: GetDeviceIpAddress:
GetAddressByName [BRW0C60766225D2] Error

Error - 9/30/2010 10:36:41 AM | Computer Name = YOUR-499E1445F2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/11/2010 12:35:20 PM | Computer Name = YOUR-499E1445F2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/12/2010 9:42:16 PM | Computer Name = YOUR-499E1445F2 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/10/12 18:42:16.781]: [00003456]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.100]

Error - 10/13/2010 10:09:22 AM | Computer Name = YOUR-499E1445F2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/13/2010 10:09:22 AM | Computer Name = YOUR-499E1445F2 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 10/11/2010 12:35:12 PM | Computer Name = YOUR-499E1445F2 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/11/2010 12:35:12 PM | Computer Name = YOUR-499E1445F2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 10/11/2010 8:48:43 PM | Computer Name = YOUR-499E1445F2 | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 10/11/2010 9:06:34 PM | Computer Name = YOUR-499E1445F2 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/12/2010 3:58:13 PM | Computer Name = YOUR-499E1445F2 | Source = DCOM | ID = 10010
Description = The server {16D99191-6280-4B33-A2F5-04805A0FC582} did not register
with DCOM within the required timeout.

Error - 10/13/2010 2:33:56 PM | Computer Name = YOUR-499E1445F2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%6" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding

Error - 10/13/2010 6:50:11 PM | Computer Name = YOUR-499E1445F2 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/13/2010 6:50:11 PM | Computer Name = YOUR-499E1445F2 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/13/2010 6:50:11 PM | Computer Name = YOUR-499E1445F2 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/14/2010 12:31:24 AM | Computer Name = YOUR-499E1445F2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}.
The
error: "%6" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe"
-Embedding


< End of report >
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm

Re: Random music(radio) plays and pop ups start showing up

Unread postby askey127 » October 16th, 2010, 6:49 pm

ssrcobra,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG8\avgam.exe" = -
    "C:\Program Files\AVG\AVG8\avgemc.exe" = -
    "C:\Program Files\AVG\AVG8\avgupd.exe" = -
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = -
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------------------
Download IE8 and install it (you can use Firefox for the download):
http://www.microsoft.com/windows/intern ... sites.aspx

Then let me know how it's running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 17th, 2010, 5:55 pm

OTL logfile created on: 10/17/2010 2:52:29 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Jennifer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 275.07 Gb Free Space | 92.28% Space Free | Partition Type: NTFS

Computer Name: YOUR-499E1445F2 | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 14:46:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\My Documents\Downloads\OTL.exe
PRC - [2010/10/13 15:27:58 | 000,173,368 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\WebEx\924\atmgr.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/06 15:27:27 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/09/06 15:27:27 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/09/06 15:27:27 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/10/24 11:44:34 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/07/09 23:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/05/22 02:32:06 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelEL_v104\WDM\stacsv.exe
PRC - [2008/05/22 02:31:16 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/24 05:00:58 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2007/02/20 03:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/16 14:46:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\My Documents\Downloads\OTL.exe
MOD - [2010/10/13 15:26:21 | 000,115,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\WebEx\924\atasnt40.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/22 02:32:06 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\IntelEL_v104\WDM\stacsv.exe -- (STacSV)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/06/10 20:15:38 | 006,021,184 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/22 02:32:48 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/05/07 15:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/29 01:09:56 | 000,108,032 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/15 02:16:44 | 000,244,368 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/27 21:42:12 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/20 19:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://morsepoetry.blogspot.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/14 09:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/13 15:26:25 | 000,000,000 | ---D | M]

[2010/10/03 12:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Extensions
[2010/10/17 11:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\15q06gty.default\extensions
[2010/10/15 08:25:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\15q06gty.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/17 11:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 09:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/06 15:33:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/13 15:26:22 | 000,101,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/10/13 15:26:11 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Jennifer\Application Data\Dropbox\bin\Dropbox.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/51.23/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9907889774 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://chat1.j2.com/Media/VisitorchatEnu/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebe ... eatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/04 07:45:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 14:44:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/15 16:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/14 09:35:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/13 15:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\webex
[2010/10/13 15:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/13 14:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\skypePM
[2010/10/13 14:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Skype
[2010/10/13 14:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/13 14:48:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/13 14:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/10/13 12:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/13 12:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/13 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/10/13 12:47:13 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/10/13 12:47:13 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/10/13 12:47:13 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/10/13 12:47:13 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/10/13 12:47:12 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/10/13 12:47:12 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/10/13 12:47:12 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/10/13 12:47:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/13 12:47:01 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/10/13 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/13 12:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/12 12:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/12 10:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/03 12:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Mozilla
[2010/09/24 14:36:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/09/24 06:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/16 07:04:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jennifer\My Documents\My Dropbox
[2010/09/16 07:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Dropbox
[2010/09/06 15:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2010/09/06 15:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/06 15:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/06 15:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/06 15:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 14:52:13 | 000,304,136 | ---- | M] () -- C:\logfile
[2010/10/17 14:52:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 14:47:07 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/17 14:46:52 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 14:46:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 14:41:57 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Facebook Landing page SMO.doc
[2010/10/17 13:01:54 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\True Custom Proposal Template.doc
[2010/10/15 21:14:03 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Microsoft Office Excel 2007.lnk
[2010/10/13 16:50:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/13 15:50:11 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/13 15:08:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\HijackThis.lnk
[2010/10/13 14:49:38 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/13 12:47:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/13 12:47:53 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/13 12:47:13 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/13 07:09:58 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/12 12:51:58 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/12 12:50:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/12 12:47:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/12 12:47:33 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/12 11:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/06 16:39:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Hi Babe.doc
[2010/10/03 12:43:15 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/03 12:43:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/03 12:03:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/03 12:01:42 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/30 10:18:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/23 12:03:59 | 003,244,032 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/09/23 12:03:59 | 001,620,992 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/09/16 07:04:47 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/16 07:04:47 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\Dropbox.lnk
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 07:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/06 15:27:40 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\GoToMeeting.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 14:41:57 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\Facebook Landing page SMO.doc
[2010/10/17 13:01:54 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\True Custom Proposal Template.doc
[2010/10/13 15:08:56 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\HijackThis.lnk
[2010/10/13 14:49:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/13 14:48:57 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/10/13 12:47:53 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/13 12:47:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/13 12:47:27 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 12:47:27 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/13 12:47:13 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/10/13 07:09:58 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/12 12:51:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/12 12:50:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 16:39:47 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\Hi Babe.doc
[2010/10/03 12:43:15 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/03 12:43:15 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/03 12:01:42 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/09/30 10:18:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/16 07:04:47 | 000,001,007 | ---- | C] () -- C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup\Dropbox.lnk
[2010/09/16 07:04:47 | 000,001,007 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\Dropbox.lnk
[2010/06/13 14:08:39 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/06/13 14:08:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/06/13 14:08:32 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/06/13 14:08:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/06/13 14:08:15 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/06/13 14:05:52 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/06/06 19:02:45 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 17:58:52 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\setup.txt
[2008/12/05 10:13:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/04 08:37:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/04 08:37:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/04 08:37:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/04 08:37:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/04 08:37:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/04 08:37:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/04 07:59:54 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/12/04 02:35:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/13 12:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/15 16:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/07/11 16:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/29 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/07/06 18:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2010/06/13 15:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/02 08:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/25 12:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/17 14:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Dropbox
[2008/12/05 08:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\InterVideo
[2010/07/06 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\ScanSoft
[2010/10/17 14:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\webex
[2010/07/06 18:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Zeon

========== Purity Check ==========



< End of report >
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm

Re: Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 17th, 2010, 6:01 pm

I will let you know how it is working later this week.
This processes was new to me using hyjack this.
So AVG is not good virus protection since we are leaving it uninstalled?
Thanks
Tom
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm

Re: Random music(radio) plays and pop ups start showing up

Unread postby askey127 » October 17th, 2010, 6:07 pm

AVG is not as "good" as avast!, and you cannot run more than ONE without sacrificing protection.
Leave it uninstalled.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random music(radio) plays and pop ups start showing up

Unread postby ssrcobra » October 18th, 2010, 3:15 pm

Sorry to say but I still have the problem
ssrcobra
Active Member
 
Posts: 7
Joined: October 13th, 2010, 7:14 pm

Re: Random music(radio) plays and pop ups start showing up

Unread postby askey127 » October 18th, 2010, 4:53 pm

ssrcobra,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random music(radio) plays and pop ups start showing up

Unread postby askey127 » October 22nd, 2010, 8:12 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware