Author Topic: Computer playing commercials several times a day  (Read 14943 times)

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 991
  • Certifications: List
  • Experience: Expert
  • OS: Windows 8
Re: Computer playing commercials several times a day
« Reply #30 on: September 05, 2013, 04:45:48 PM »
I disabled it and I still get it! This is getting creepy.
Can you uninstall dropbox?
Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

zulubanshee

    Topic Starter


    Beginner

    • Experience: Familiar
    • OS: Windows Vista
    Re: Computer playing commercials several times a day
    « Reply #31 on: September 06, 2013, 11:46:17 AM »
    I uninstalled Dropbox last night and have not heard anything so far today, which is about 3 hours.

    zulubanshee

      « Reply #32 on: September 06, 2013, 12:23:33 PM »
      Fsck all! It started again.

      SuperDave

      « Reply #33 on: September 06, 2013, 04:35:47 PM »
      Quote
      Fsck all! It started again.
      Does it still do it when IE is opened?

      zulubanshee

        « Reply #34 on: September 06, 2013, 05:04:23 PM »
        I don't use IE but I can leave it open.

        Here is a strange thing, a couple of days ago I shut down every process in Task manager (except for the system ones, which cannot be stopped) while the audio was running; everything was stopped including my desktop, which entirely disappeared, and I could still hear the audio.

        zulubanshee

          « Reply #35 on: September 06, 2013, 05:22:52 PM »
          hah no luck

          SuperDave

          « Reply #36 on: September 06, 2013, 06:30:22 PM »
          Quote
          everything was stopped including my desktop, which entirely disappeared, and I could still hear the audio.
          The only one you shouldn't stop is explorer. This is really a puzzle. Please try this. Physically disconnect from the internet and see if you can still hear the audio.

          zulubanshee

            « Reply #37 on: September 06, 2013, 08:42:10 PM »
            It started playing, so I disconnected the internet and it stopped about 5 seconds later. I left it off for about 3 minutes, and when I plugged it back in, it started playing again within 5 seconds.

            SuperDave

            « Reply #38 on: September 07, 2013, 01:21:51 PM »
            I'm going to check with a colleague about this problem.

            zulubanshee

              « Reply #39 on: September 07, 2013, 05:55:47 PM »
              Well thank you I appreciate it. My online investigation suggests that the TDSSKiller should have done the job, but I suppose I have a variant. In any event, I'm beginning to brace myself for the possibility that I will have to reinstall.

              SuperDave

              « Reply #40 on: September 07, 2013, 06:29:43 PM »
              Quote
              Well thank you I appreciate it. My online investigation suggests that the TDSSKiller should have done the job, but I suppose I have a variant. In any event, I'm beginning to brace myself for the possibility that I will have to reinstall.
              That's always a possibility. You should back up all your important data. Also, could you run ComboFix and TDSSKiller and post the logs? I only need to see the bottom ten lines of TDSS.

              zulubanshee

                « Reply #41 on: September 07, 2013, 09:26:41 PM »
                TDSS
                23:24:28.0599 7808  ================ Scan VBR ==================================
                23:24:28.0617 7808  [ AB2522FC70605093AF8A9F7397AFBB75 ] \Device\Harddisk0\DR0\Partition1
                23:24:28.0618 7808  \Device\Harddisk0\DR0\Partition1 - ok
                23:24:28.0640 7808  [ F5BE331CDEDDC5FE4288744E7456CB28 ] \Device\Harddisk1\DR1\Partition1
                23:24:28.0642 7808  \Device\Harddisk1\DR1\Partition1 - ok
                23:24:28.0648 7808  [ 27693C0DC8219674FFDA01A04EF5AF78 ] \Device\Harddisk2\DR2\Partition1
                23:24:28.0650 7808  \Device\Harddisk2\DR2\Partition1 - ok
                23:24:28.0655 7808  ============================================================
                23:24:28.0655 7808  Scan finished
                23:24:28.0655 7808  ============================================================
                23:24:28.0689 4336  Detected object count: 0
                23:24:28.0689 4336  Actual detected object count: 0

                SuperDave

                « Reply #42 on: September 08, 2013, 01:09:16 PM »
                Good, could you run ComboFix again and post the log?

                Please download Farbar Service Scanner and run it on the computer with the issue.
                • Press "Scan".
                • It will create a log (FSS.txt) in the same directory the tool is run.
                • Please copy and paste the log to your reply.

                zulubanshee

                  « Reply #43 on: September 08, 2013, 02:09:48 PM »
                  ComboFix 13-09-08.02 - doug 09/08/2013  15:12:02.4.4 - x64
                  Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.5378 [GMT -4:00]
                  Running from: c:\users\doug\Desktop\ComboFix.exe
                  AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
                  SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
                  SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
                  .
                  .
                  2013-09-08 19:40 . 2013-09-08 19:40   --------   d-----w-   c:\users\Public\AppData\Local\temp
                  2013-09-08 19:40 . 2013-09-08 19:40   --------   d-----w-   c:\users\doug taylor\AppData\Local\temp
                  2013-09-08 19:40 . 2013-09-08 19:40   --------   d-----w-   c:\users\Default\AppData\Local\temp
                  2013-09-08 19:40 . 2013-09-08 19:40   --------   d-----w-   c:\users\AppData\AppData\Local\temp
                  2013-09-08 16:00 . 2013-09-08 16:00   --------   d-----w-   c:\program files (x86)\ConvertHelper
                  2013-09-08 06:24 . 2013-09-08 06:24   119808   ----a-r-   c:\users\doug\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
                  2013-09-08 06:12 . 2013-08-06 08:58   9515512   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DE85584-98F4-43CC-A37C-56526BAB3EC3}\mpengine.dll
                  2013-09-07 00:02 . 2013-09-07 00:07   --------   d-----w-   c:\program files (x86)\KeePass Password Safe
                  2013-09-06 23:57 . 2013-08-06 08:58   9515512   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                  2013-09-06 23:20 . 2013-09-06 23:46   --------   d-----w-   c:\program files (x86)\KeePass Password Safe 2
                  2013-09-05 21:45 . 2013-09-05 21:41   965008   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D26914A-9449-4EAD-A67D-247F900B5C43}\gapaengine.dll
                  2013-09-03 20:38 . 2013-09-05 16:05   --------   d-----w-   c:\program files (x86)\WhatsRunning
                  2013-09-03 20:29 . 2013-09-03 20:29   --------   d-----w-   c:\users\doug\AppData\Roaming\SUPERAntiSpyware.com
                  2013-09-03 04:22 . 2013-09-03 04:22   --------   d-----w-   c:\programdata\Epubsoft
                  2013-09-03 04:21 . 2013-09-03 04:21   --------   d-----w-   c:\program files (x86)\EPUBSOFT
                  2013-09-03 01:38 . 2013-09-03 01:38   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
                  2013-09-03 01:38 . 2013-04-04 18:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2013-08-30 22:44 . 2013-08-30 22:44   --------   d-----w-   c:\program files (x86)\ESET
                  2013-08-29 23:23 . 2013-08-29 23:23   --------   d-----w-   c:\windows\ERUNT
                  2013-08-29 00:54 . 2013-09-03 01:27   --------   d-----w-   C:\AdwCleaner
                  2013-08-28 18:48 . 2013-08-28 18:48   --------   d-----w-   c:\users\doug\AppData\Roaming\webex
                  2013-08-28 18:46 . 2013-08-28 18:45   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
                  2013-08-28 15:15 . 2013-08-02 14:06   1706496   ----a-w-   c:\windows\system32\WMVDECOD.DLL
                  2013-08-28 15:15 . 2013-08-02 04:09   1548288   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
                  2013-08-25 19:51 . 2013-08-25 19:51   --------   d-----w-   c:\users\doug\{fae33a4d-6b95-46a1-a648-2d889c683668}
                  2013-08-25 17:21 . 2013-09-08 19:21   --------   d-----w-   c:\users\doug\AppData\Local\GC
                  2013-08-25 17:21 . 2013-08-25 17:23   --------   d-----w-   c:\program files (x86)\GC
                  2013-08-15 20:42 . 2013-08-15 20:43   --------   d-----w-   c:\program files\jEdit
                  2013-08-15 20:38 . 2013-08-15 20:38   --------   d-----w-   c:\users\doug\AppData\Roaming\KDE
                  2013-08-15 20:38 . 2013-08-15 20:38   --------   d-----w-   c:\programdata\KDE
                  2013-08-14 13:58 . 2013-07-25 02:25   104448   ----a-w-   c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
                  2013-08-14 13:58 . 2013-07-25 02:25   387584   ----a-w-   c:\program files (x86)\Internet Explorer\jsdbgui.dll
                  2013-08-14 13:58 . 2013-07-25 03:30   499200   ----a-w-   c:\program files\Internet Explorer\jsdbgui.dll
                  2013-08-14 13:58 . 2013-07-25 02:25   678912   ----a-w-   c:\program files (x86)\Internet Explorer\iedvtool.dll
                  2013-08-14 13:58 . 2013-07-25 03:30   887808   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
                  2013-08-14 13:58 . 2013-07-25 03:54   17830400   ----a-w-   c:\windows\system32\mshtml.dll
                  2013-08-14 13:58 . 2013-07-25 03:35   10926080   ----a-w-   c:\windows\system32\ieframe.dll
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2013-08-28 18:45 . 2012-06-24 14:54   867240   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
                  2013-08-28 18:45 . 2010-05-16 18:32   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
                  2013-08-23 12:08 . 2013-03-12 10:28   941720   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                  2013-08-21 16:36 . 2012-04-13 14:55   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
                  2013-08-21 16:36 . 2011-05-22 15:00   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                  2013-08-14 14:08 . 2006-11-02 12:35   78161360   ----a-w-   c:\windows\system32\mrt.exe
                  2013-08-01 15:21 . 2013-08-01 15:21   57096   ----a-w-   c:\windows\system32\certsentry.dll
                  2013-08-01 15:21 . 2013-08-01 15:21   48392   ----a-w-   c:\windows\SysWow64\certsentry.dll
                  2013-08-01 15:21 . 2013-08-01 15:21   1060864   ----a-w-   c:\windows\SysWow64\mfc71.dll
                  2013-07-08 04:16 . 2013-08-14 01:00   43008   ----a-w-   c:\windows\apppatch\acwow64.dll
                  2013-07-07 02:47 . 2013-07-07 01:56   18960   ----a-w-   c:\windows\system32\drivers\LNonPnP.sys
                  2013-07-07 02:01 . 2013-07-07 02:01   53248   ----a-r-   c:\users\doug\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
                  2013-07-05 23:46 . 2013-07-05 23:46   47496   ----a-w-   c:\windows\system32\sbbd.exe
                  2013-07-05 23:46 . 2013-07-05 23:46   14456   ----a-w-   c:\windows\system32\drivers\gfibto.sys
                  2013-06-21 00:07 . 2013-08-03 06:34   203672   ----a-w-   c:\windows\system32\drivers\ssudmdm.sys
                  2013-06-21 00:07 . 2013-08-03 06:34   103448   ----a-w-   c:\windows\system32\drivers\ssudbus.sys
                  2013-06-19 01:50 . 2013-06-19 01:50   247216   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
                  2013-06-19 01:50 . 2012-08-31 03:03   139616   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
                  2013-06-11 15:58 . 2013-06-11 15:58   108448   ----a-w-   c:\windows\system32\WindowsAccessBridge-64.dll
                  2013-06-11 15:58 . 2013-06-11 21:46   311200   ----a-w-   c:\windows\system32\javaws.exe
                  2013-06-11 15:58 . 2013-06-11 21:46   188832   ----a-w-   c:\windows\system32\javaw.exe
                  2013-06-11 15:58 . 2013-06-11 21:46   188320   ----a-w-   c:\windows\system32\java.exe
                  2013-06-11 15:58 . 2012-09-24 20:34   971680   ----a-w-   c:\windows\system32\deployJava1.dll
                  2013-06-11 15:58 . 2012-09-24 20:34   1092512   ----a-w-   c:\windows\system32\npDeployJava1.dll
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
                  @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
                  @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
                  @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
                  @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
                  @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
                  @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
                  @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
                  @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
                  @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
                  "Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2012-07-06 49321]
                  "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
                  "KeePass Password Safe"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2013-07-12 2074112]
                  "SansaDispatch"="c:\users\doug\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-07-29 613888]
                  "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                  "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
                  "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
                  "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
                  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
                  "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                  "aux8"=wdmaud.drv
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                  @="Service"
                  .
                  S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

                  .
                  .
                  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
                  Themes
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                  2013-09-04 00:25   1177552   ----a-w-   c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 16:36]
                  .
                  2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
                  - c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
                  .
                  2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
                  - c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
                  .
                  2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-21 02:04]
                  .
                  2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-21 02:04]
                  .
                  .
                  --------- X64 Entries -----------
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
                  @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
                  @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
                  @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
                  @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
                  @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
                  @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
                  @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
                  @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
                  @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
                  [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
                  2011-06-13 14:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
                  "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
                  .
                  ------- Supplementary Scan -------
                  .
                  uLocal Page = c:\windows\system32\blank.htm
                  uStart Page = hxxp://www.google.com/
                  mStart Page = hxxp://www.google.com
                  mDefault_Page_URL = hxxp://www.google.com
                  mLocal Page = c:\windows\SysWOW64\blank.htm
                  uInternet Settings,ProxyOverride = *.local
                  LSP: %windir%\system32\vsocklib.dll
                  Trusted Zone: google.com\mail
                  TCP: Interfaces\{69DE6067-93A0-4FFF-AD69-C6EE7006F35F}: NameServer = 8.8.8.8,8.8.4.4
                  DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
                  FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\
                  FF - prefs.js: browser.search.selectedEngine - Urban Dictionary
                  FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
                  FF - prefs.js: network.proxy.type - 0
                  FF - ExtSQL: 2013-07-08 20:14; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\extensions\[email protected]
                  FF - ExtSQL: 2013-07-10 20:43; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\extensions\[email protected]
                  FF - ExtSQL: 2013-07-12 23:46; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
                  FF - ExtSQL: 2013-08-17 00:32; *Blocked Russian URL*; *Blocked Russian URL*.xpi
                  FF - ExtSQL: 2013-08-26 18:15; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\extensions\[email protected]
                  FF - ExtSQL: 2013-08-29 09:44; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
                  FF - ExtSQL: 2013-09-06 13:06; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drledbvc.default-1363375022659\extensions\[email protected]
                  .
                  .
                  ------- File Associations -------
                  .
                  .txt=
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                  ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                  ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                  ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                  ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
                  AddRemove-Freecorder4.1 - c:\windows\Freecorder\uninstall.exe
                  AddRemove-Software Informer_is1 - c:\program files (x86)\Software Informer\unins000.exe
                  .
                  .
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                  @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker5"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Shockwave Flash Object"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                  @="0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="ShockwaveFlash.ShockwaveFlash.11"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="ShockwaveFlash.ShockwaveFlash"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Macromedia Flash Factory Object"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="FlashFactory.FlashFactory.1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="FlashFactory.FlashFactory"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker5"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
                  @="Shockwave Flash"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
                  @Denied: (A 2) (Everyone)
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
                  @="FlashBroker"
                  .
                  [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
                  "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
                     00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  Completion time: 2013-09-08  15:45:43
                  ComboFix-quarantined-files.txt  2013-09-08 19:45
                  ComboFix2.txt  2013-09-08 04:43
                  ComboFix3.txt  2013-08-30 01:20
                  ComboFix4.txt  2012-12-24 21:48
                  .
                  Pre-Run: 292,035,256,320 bytes free
                  Post-Run: 292,014,505,984 bytes free
                  .
                  - - End Of File - - C1280B2869062A7C4AA98C3A1CC9E67C
                  B751AF1ACDDD7A1A71313731839F4ECB

                  zulubanshee

                    Re: Computer playing commercials several times a day
                    « Reply #44 on: September 08, 2013, 02:14:19 PM »
                    Farbar Service Scanner Version: 05-09-2013
                    Ran by doug (administrator) on 08-09-2013 at 16:11:18
                    Running from "C:\Users\doug\Desktop"
                    Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
                    Boot Mode: Normal
                    ****************************************************************

                    Internet Services:
                    ============

                    Connection Status:
                    ==============
                    Localhost is accessible.
                    LAN connected.
                    Google IP is accessible.
                    Google.com is accessible.
                    Yahoo.com is accessible.


                    Other Services:
                    ==============


                    File Check:
                    ========
                    C:\Windows\System32\nsisvc.dll => MD5 is legit
                    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
                    C:\Windows\System32\dhcpcsvc.dll
                    [2009-09-17 19:45] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

                    C:\Windows\System32\drivers\afd.sys
                    [2012-02-16 00:42] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

                    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
                    C:\Windows\System32\Drivers\tcpip.sys
                    [2013-08-13 21:00] - [2013-07-04 23:58] - 1417664 ____A (Microsoft Corporation) EA8623BDD511A1ACD18DA4883860ADDE

                    C:\Windows\System32\dnsrslvr.dll
                    [2011-04-15 14:02] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

                    C:\Windows\System32\svchost.exe => MD5 is legit
                    C:\Windows\System32\rpcss.dll
                    [2009-09-17 19:47] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



                    **** End of log ****