Random Script Errors and audio files?

Hello,

I'm having an issue that I believe is related to a virus or malware. The symptoms include IE script errors continuously popping up that list sketchy-sounding websites, random audio files playing while I'm surfing the net (they usually sound like ads, but some are just off the wall... like stand-up comedy in a foreign language), and Google redirects when I left-click on any search result. I'm able to right-click and select "open link in new tab" and the link opens without any issues. These issues started happening on April 28th. I've used CCleaner & HijackThis for years (just discovered OTL from this website); here are some entries from each that I believe correspond with the malware:

C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB2416447-X86.exe
C:\WINDOWS\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e\update\update.exe
No HKLM:Run NetFxUpdate_v1.1.4322 "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID

The last one is a startup entry from CCleaner that I turned off. These three items may or may not be related, but they all cropped up on the 28th or 29th, and seemed to be correlated with the instance of either a redirect or an audio file running. Below is my OTL output; any help with this stuff would be very much appreciated, thank you:

OTL logfile created on: 5/5/2011 6:14:41 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 44.00 Mb Available Physical Memory | 18.00% Memory free
1,002.00 Mb Paging File | 671.00 Mb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.40 Gb Free Space | 70.85% Space Free | Partition Type: NTFS

Computer Name: CHRIS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 13:48:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/10/24 00:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/07/30 10:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 13:48:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WMPNetworkSvc)
SRV - File not found [Disabled | Stopped] -- -- (WMDM PMSP Service)
SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (fgcupdate)
SRV - File not found [Auto | Stopped] -- -- (fgcrepl)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2007/04/26 10:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 10:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/04/26 10:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/25 03:18:46 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/26 04:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2003/02/11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PELMOUSE.SYS -- (pelmouse)
DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 13:55:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 22:28:08 | 000,000,000 | ---D | M]

[2010/07/22 13:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/10/29 08:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\c4cbyzt9.default\extensions
[2010/08/24 23:06:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\c4cbyzt9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/13 13:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\JAVA\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304625329546 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/07/08 15:30:30 | 000,000,080 | ---- | M] () - C:\AUTOEXEC.AGO -- [ NTFS ]
O32 - AutoRun File - [2003/11/22 12:21:10 | 000,000,084 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/07/09 13:40:52 | 000,000,080 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2002/10/01 16:38:02 | 000,000,080 | -H-- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe - (Adobe Systems Inc.)
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSC - hkey= - key= - File not found
MsConfig - StartUpReg: NetFxUpdate_v1.1.4322 - hkey= - key= - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (Microsoft)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - IEJAVA
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 7.0.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {280ad020-daec-11d2-83c7-0000f8051539} - Mobile processor update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 7.0.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {34718640-ecfa-11d2-b5da-00a0c90833e8} - Windows 98 Second Edition
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015D} - DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47f67d00-9e55-11d1-baef-00c04fc2d130} - AOL Support Files
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {50daafc0-e217-11d2-83c7-0000f8051539} - Continuous windows operation fix
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {76C19B50-F0C8-11cf-87CC-0020AFEECF20} - Language Auto-Selection
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {893c7200-9dd-11d2-b0d6-00c04f777f0c} - Microsoft Libraries update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9a2e4ab0-9a7e-11d2-9da1-00c04f98bbc9} - Windows Media Player Codecs
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {b59c7da0-daea-11d2-83c7-0000f8051539} - Registration wizard update
ActiveX: {B9A1063C-F9CC-11D1-8E01-0020AFE53FCF} - Active accessibility update
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA0A4247-44BE-11d1-A005-00805F8ABE06} - RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5925FA0-73D1-11D2-BCC5-0000F83002C6} - Windows 98 Year 2000 Update
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {F94C2DA4-708E-11d3-AFB2-00C04F6814C4} - OLE Automation
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
ActiveX: MmoptPreferredAudioDevices - Windows Setup - Multimedia

Drivers32: MIDI2 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: MSACM.CTRXAUD - ctrxaud.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.CTRX - ctrxvid.drv File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VDOM - vdowave.drv File not found
Drivers32: Vids.draw - File not found
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 16:22:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/04/29 13:48:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/04/29 13:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/04/29 13:47:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/29 13:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/29 13:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/29 13:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/29 12:09:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\NDP1.1sp1-KB2416447-X86
[2011/04/28 13:14:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HijackThis.exe
[2011/04/28 12:33:32 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/04/28 12:33:32 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/04/28 12:32:53 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/04/28 12:32:06 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/04/28 12:31:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/04/28 12:29:27 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/04/28 12:23:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\MPTelemetrySubmit
[2011/04/28 12:22:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/04/28 12:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\backups
[2011/04/28 12:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\HiJackThis
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 16:28:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\ngen.exe
[2011/05/05 16:27:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\Perflib_Perfdata_7e0.dat
[2011/05/05 16:27:17 | 000,045,570 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\CPAs Hilton Short Pump Updated Quote 2011.pdf
[2011/05/05 16:26:43 | 000,469,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/05 16:26:43 | 000,083,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 16:12:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 16:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 16:11:43 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/05 15:35:10 | 000,045,619 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\AVFX Quote for June 22 2011.pdf
[2011/05/05 09:35:58 | 000,044,524 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Ruggles UPDATED ACOP April 2011.pdf
[2011/05/04 12:47:49 | 000,043,627 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Eddys PNC Order May 2011.pdf
[2011/05/04 12:03:24 | 000,040,969 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Aviva 14 PTTs May 2011.pdf
[2011/04/29 14:05:27 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/04/29 14:05:01 | 000,003,348 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/04/29 13:48:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/04/28 13:14:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HijackThis.exe
[2011/04/28 12:20:49 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2011/04/28 09:00:14 | 000,501,255 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Andrew Mann at Homestead.rtf
[2011/04/28 08:59:37 | 000,465,341 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\CPAs at Jefferson.rtf
[2011/04/28 08:58:49 | 000,486,435 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Catapult.rtf
[2011/04/20 21:54:26 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Operations on 2kserver.lnk
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 16:28:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\ngen.exe
[2011/05/05 16:27:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\Perflib_Perfdata_7e0.dat
[2011/05/05 16:27:17 | 000,045,570 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\CPAs Hilton Short Pump Updated Quote 2011.pdf
[2011/05/05 15:35:10 | 000,045,619 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\AVFX Quote for June 22 2011.pdf
[2011/05/05 09:35:58 | 000,044,524 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Ruggles UPDATED ACOP April 2011.pdf
[2011/05/04 12:47:49 | 000,043,627 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Eddys PNC Order May 2011.pdf
[2011/05/04 12:03:24 | 000,040,969 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Aviva 14 PTTs May 2011.pdf
[2011/04/28 12:24:48 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/04/28 12:20:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2011/04/28 09:00:14 | 000,501,255 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Andrew Mann at Homestead.rtf
[2011/04/28 08:59:37 | 000,465,341 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\CPAs at Jefferson.rtf
[2011/04/28 08:58:49 | 000,486,435 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Catapult.rtf
[2009/11/13 13:31:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\Perflib_Perfdata_6dc.dat
[2009/11/13 13:20:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/13 13:03:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\Perflib_Perfdata_72c.dat
[2009/11/13 13:02:49 | 000,016,384 | ---- | C] () -- C:\WINDOWS\Perflib_Perfdata_764.dat
[2009/11/13 13:02:48 | 000,016,384 | ---- | C] () -- C:\WINDOWS\Perflib_Perfdata_4a4.dat
[2007/06/11 10:45:58 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/11/10 15:49:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/10/06 15:11:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/08/31 09:34:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/17 16:00:42 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/30 17:27:41 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/03/15 17:55:31 | 000,000,189 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/03 12:46:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2004/03/03 12:46:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2004/03/03 12:45:09 | 000,016,384 | ---- | C] () -- C:\WINDOWS\Perflib_Perfdata_b28.dat
[2004/03/03 12:26:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/05 16:44:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/01/08 12:20:46 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/01/08 11:45:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/12/29 14:15:37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2003/12/23 10:08:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/12/23 10:04:58 | 000,001,240 | ---- | C] () -- C:\WINDOWS\LnkStub.dat
[2003/12/23 10:03:22 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/12/23 10:03:22 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/12/23 10:03:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/12/23 10:03:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/12/23 10:03:22 | 000,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/23 10:03:22 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2003/12/23 10:03:22 | 000,000,851 | ---- | C] () -- C:\WINDOWS\acroread.ini
[2003/12/23 10:03:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/12/23 10:03:22 | 000,000,774 | ---- | C] () -- C:\WINDOWS\CWDAUDIO.INI
[2003/12/23 10:03:22 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini
[2003/12/23 10:03:22 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/12/23 10:03:22 | 000,000,179 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2003/12/23 10:03:22 | 000,000,146 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/12/23 10:03:22 | 000,000,122 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/23 10:03:22 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2003/12/23 10:03:22 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/12/23 10:03:22 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/12/23 10:03:22 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SMWIZARD.INI
[2003/12/23 10:03:22 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/12/23 10:03:22 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/12/23 10:03:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2003/12/23 10:03:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2003/12/23 10:03:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/12/23 09:59:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/12/23 09:55:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/23 09:55:03 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/12/16 11:47:55 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\MODCTRL.DLL
[2003/01/25 13:47:23 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2003/01/25 13:47:22 | 000,009,273 | ---- | C] () -- C:\WINDOWS\System32\a312.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/01 16:37:37 | 000,278,560 | R--- | C] () -- C:\WINDOWS\HWINFO.DAT
[2002/08/29 04:41:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wisptis.exe
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,469,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,083,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/04/06 13:32:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TBLIST.dll
[2000/03/31 15:23:29 | 000,008,722 | ---- | C] () -- C:\WINDOWS\hh.dat
[2000/03/31 13:09:41 | 013,229,944 | ---- | C] () -- C:\WINDOWS\aolback.exe
[2000/03/31 08:53:01 | 000,056,670 | ---- | C] () -- C:\WINDOWS\ESSSWT.DAT
[2000/03/30 17:06:10 | 000,239,320 | ---- | C] () -- C:\WINDOWS\CWDMIX.EXE
[2000/03/30 17:06:10 | 000,098,320 | ---- | C] () -- C:\WINDOWS\CWDINIT.EXE
[2000/03/30 17:06:10 | 000,008,676 | ---- | C] () -- C:\WINDOWS\CWDAUDIO.BIN
[2000/03/30 16:59:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[2000/03/30 16:47:56 | 000,011,079 | ---- | C] () -- C:\Program Files\folder.htt
[1999/04/23 23:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1999/04/23 23:22:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/02/22 02:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/17 02:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1996/01/15 02:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\FONTS\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 18:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1999/04/23 23:22:00 | 000,091,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Channel Screen Saver.SCR
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2002/10/01 16:37:00 | 000,011,079 | ---- | M] () -- C:\Program Files\folder.htt

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/11/13 13:46:50 | 000,000,080 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/04/28 13:14:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Desktop\HijackThis.exe
[2011/04/29 13:48:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >
[2002/10/03 13:08:30 | 008,028,526 | R--- | M] () -- C:\Program Files\Internet Explorer\ie6bak.DAT

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/07/20 09:39:48 | 000,109,432 | ---- | M] () -- C:\Documents and Settings\Admin\g2ax_customer_downloadhelper_win32_x86.exe
[2011/05/05 16:28:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\ngen.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/06/25 22:27:59 | 000,120,280 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/06/25 22:27:59 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/06/25 22:28:01 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/29 14:05:01 | 000,003,348 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll

< %systemroot%\system32\*.exe /lockedfiles >
[2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ntoskrnl.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/12/23 09:54:44 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2003/12/23 09:54:44 | 000,630,784 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2003/12/23 09:54:44 | 000,393,216 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\system32\*.sys >
[2003/04/15 11:28:24 | 000,032,311 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a301.sys
[2003/04/15 11:28:28 | 000,010,807 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a302.sys
[2003/04/15 11:28:32 | 000,028,215 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a303.sys
[2003/04/15 11:28:36 | 000,045,623 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a304.sys
[2003/04/15 11:28:40 | 000,011,319 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a305.sys
[2003/04/15 11:28:44 | 000,015,927 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a306.sys
[2003/04/15 11:28:48 | 000,020,535 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a307.sys
[2003/04/15 11:28:52 | 000,010,295 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a308.sys
[2003/04/15 11:28:56 | 000,024,631 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a309.sys
[2003/04/15 11:29:00 | 000,032,311 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a310.sys
[2003/04/15 11:29:04 | 000,031,799 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a311.sys
[2002/06/21 12:30:32 | 000,009,273 | ---- | M] () -- C:\WINDOWS\SYSTEM32\a312.sys
[2003/04/15 11:29:20 | 000,036,407 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a313.sys
[2003/04/15 11:29:24 | 000,010,295 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\a314.sys
[2001/08/23 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ansi.sys
[2001/08/23 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\country.sys
[2003/03/04 13:54:48 | 000,145,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\E100BNT5.SYS
[2001/08/23 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\himem.sys
[2003/04/15 11:28:04 | 000,061,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ialmkchw.sys
[2003/04/15 11:28:12 | 000,111,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ialmsbw.sys
[2001/08/23 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\key01.sys
[2002/08/29 00:23:06 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\keyboard.sys
[2001/08/23 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos.sys
[2001/08/23 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos404.sys
[2001/08/23 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos411.sys
[2001/08/23 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos412.sys
[2001/08/23 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntdos804.sys
[2004/08/04 01:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio.sys
[2004/08/04 01:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio404.sys
[2004/08/04 01:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio411.sys
[2004/08/04 01:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio412.sys
[2004/08/04 01:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ntio804.sys
[2003/04/15 11:29:08 | 000,020,021 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\vch.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2011/03/03 09:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 18:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2002/07/08 15:30:30 | 000,000,080 | ---- | M] () -- C:\AUTOEXEC.AGO
[2003/11/22 12:21:10 | 000,000,084 | ---- | M] () -- C:\AUTOEXEC.BAT
[2002/07/09 13:40:52 | 000,000,080 | -HS- | M] () -- C:\AUTOEXEC.DOS
[2002/10/01 16:38:02 | 000,000,080 | -H-- | M] () -- C:\AUTOEXEC.SYD
[2004/08/31 09:54:22 | 000,000,219 | -HS- | M] () -- C:\boot.ini
[2003/12/23 09:48:48 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2002/07/08 15:30:30 | 000,000,069 | -H-- | M] () -- C:\CONFIG.AGO
[2002/07/09 13:40:52 | 000,000,069 | -HS- | M] () -- C:\CONFIG.DOS
[2002/10/01 16:38:02 | 000,000,069 | -H-- | M] () -- C:\CONFIG.SYD
[2003/11/22 12:21:10 | 000,000,073 | ---- | M] () -- C:\CONFIG.SYS
[1999/10/25 11:04:52 | 000,049,010 | ---- | M] () -- C:\ESSAUDIO.COM
[2002/06/19 18:21:56 | 000,000,096 | ---- | M] () -- C:\ESSAUDIO.INI
[1999/10/25 11:05:46 | 000,012,560 | ---- | M] () -- C:\ESSAUDIO.SYS
[1999/01/21 17:40:00 | 000,512,000 | ---- | M] () -- C:\FHLOAD.EXE
[1999/01/21 17:38:00 | 000,000,091 | ---- | M] () -- C:\FHLOAD.INI
[2000/03/30 16:30:38 | 000,001,012 | ---- | M] () -- C:\FRUNLOG.TXT
[2000/03/17 11:38:38 | 000,680,602 | ---- | M] () -- C:\GHOST.EXE
[1999/04/23 23:22:00 | 000,222,390 | -HS- | M] () -- C:\IO.SYS
[2002/06/26 16:19:02 | 000,000,301 | -H-- | M] () -- C:\IPH.PH
[2002/10/01 16:16:04 | 000,001,712 | RHS- | M] () -- C:\MSDOS.BAK
[2004/01/06 16:34:12 | 000,001,712 | -HS- | M] () -- C:\MSDOS.SYS
[2004/08/31 09:46:21 | 000,047,564 | -HS- | M] () -- C:\ntdetect.com
[2009/11/13 13:38:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/05 16:11:41 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2000/05/24 22:33:56 | 000,000,291 | -H-- | M] () -- C:\PMig.Log
[2003/10/02 10:56:38 | 000,022,690 | -H-- | M] () -- C:\SCANDISK.LOG
[2002/10/01 16:03:34 | 000,000,826 | ---- | M] () -- C:\SETUPXLG.TXT
[2003/12/23 16:32:00 | 000,000,043 | ---- | M] () -- C:\ver.txt
[2002/10/01 15:45:16 | 000,040,960 | -HS- | M] () -- C:\VIDEOROM.BIN
[2005/04/14 16:29:51 | 000,000,039 | ---- | M] () -- C:\WFCNAME.INI

< %PROGRAMFILES%\*. >
[2000/03/30 16:12:38 | 000,000,000 | R--D | M] -- C:\Program Files\Accessories
[2009/12/17 11:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/30 15:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2003/01/25 12:10:30 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/11/13 13:17:02 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/07 08:12:22 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2000/03/30 16:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\CHAT
[2010/07/20 09:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/07/07 09:34:55 | 000,000,000 | R--D | M] -- C:\Program Files\Common Files
[2003/12/23 09:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/11/13 13:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2000/03/30 16:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\DirectX
[2009/11/13 13:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Firefox
[2004/01/06 16:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\FreshDevices
[2009/11/13 13:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/03/03 12:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2010/07/07 07:51:57 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2002/10/02 15:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/05/05 16:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/13 13:04:25 | 000,000,000 | ---D | M] -- C:\Program Files\JAVA
[2011/04/29 13:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2004/11/10 17:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2000/03/31 09:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft FrontPage
[2010/01/07 13:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/13 13:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2004/06/24 11:03:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2004/11/10 17:31:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/05/05 16:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/29 08:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/03/05 13:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/07 13:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/11/13 13:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\msn
[2003/12/23 09:59:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/06/05 09:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/11/13 13:40:56 | 000,000,000 | R--D | M] -- C:\Program Files\NetMeeting
[2005/10/12 17:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2000/03/30 16:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/04/29 12:05:09 | 000,000,000 | R--D | M] -- C:\Program Files\Outlook Express
[2000/03/30 16:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\PLUS!
[2009/11/13 13:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2000/03/31 15:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/03/05 13:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/07 08:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/12/16 17:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2000/05/24 22:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/11/13 13:10:29 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2000/03/30 16:47:14 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2004/03/23 15:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2000/03/31 09:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2006/06/28 11:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect
[2006/12/14 12:26:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/12/17 11:42:41 | 000,000,000 | R--D | M] -- C:\Program Files\Windows Media Player
[2009/11/13 13:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/31 08:42:58 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[1998/04/01 11:00:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2003/12/23 10:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/01/08 11:52:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/01/08 11:52:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2001/08/23 13:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/01/08 11:52:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/01/08 11:52:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:disk.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/01/08 11:52:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/01/08 11:52:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:usbstor.sys
[2004/08/31 09:41:47 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2009/11/13 13:30:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 02:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-29 16:17:02

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



Re: Random Script Errors and audio files?

And here's my Extras log:

OTL Extras logfile created on: 5/5/2011 6:14:41 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 44.00 Mb Available Physical Memory | 18.00% Memory free
1,002.00 Mb Paging File | 671.00 Mb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.40 Gb Free Space | 70.85% Space Free | Partition Type: NTFS

Computer Name: CHRIS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90200409-6000-11D3-8CFE-0050048383C9}" = System Files Update
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA0CA1B4-5491-11D7-97BC-00055D0CA761}" = Roxio DVDMAX Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA10B02-2D96-4B90-932A-CAAF597FFDB0}" = Fortres 101 5.0
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AED" = AED
"CCleaner" = CCleaner
"Citrix ICA Client" = Citrix ICA Client
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2010 11:04:16 PM | Computer Name = CHRIS | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Excel.

Error - 8/29/2010 8:12:14 PM | Computer Name = CHRIS | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8313.0, stamp 4a793d83,
faulting module ntdll.dll, version 5.1.2600.5755, stamp 49901d48, debug? 0, fault
address 0x00002caf.

Error - 8/29/2010 8:12:27 PM | Computer Name = CHRIS | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 11/19/2010 1:54:05 PM | Computer Name = CHRIS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8096, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/19/2010 1:54:05 PM | Computer Name = CHRIS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/19/2010 1:54:09 PM | Computer Name = CHRIS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 8096, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 4/28/2011 12:23:53 PM | Computer Name = CHRIS | Source = MPSampleSubmission | ID = 5000
Description =

Error - 4/28/2011 12:24:29 PM | Computer Name = CHRIS | Source = Microsoft Security Client | ID = 5000
Description =

Error - 4/28/2011 12:53:10 PM | Computer Name = CHRIS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/28/2011 12:49:55 PM | Computer Name = CHRIS | Source = MPSampleSubmission | ID = 5000
Description =

[ System Events ]
Error - 5/5/2011 9:36:09 AM | Computer Name = CHRIS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}.
The
error: "%193" Happened while starting this command: "C:\WINDOWS\system32\WISPTIS.EXE"
-Embedding

Error - 5/5/2011 3:35:17 PM | Computer Name = CHRIS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}.
The
error: "%193" Happened while starting this command: "C:\WINDOWS\system32\WISPTIS.EXE"
-Embedding

Error - 5/5/2011 4:13:52 PM | Computer Name = CHRIS | Source = NtServicePack | ID = 921877
Description = Windows XP KB2393802 installation failed. An internal error occurred.


Error - 5/5/2011 4:13:57 PM | Computer Name = CHRIS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007054f: Security Update for Windows XP (KB2393802).

Error - 5/5/2011 4:12:05 PM | Computer Name = CHRIS | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 5/5/2011 4:12:26 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The FGC Replication service failed to start due to the following error:
%%3

Error - 5/5/2011 4:12:26 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The Fortres 101 Update service failed to start due to the following
error: %%3

Error - 5/5/2011 4:12:26 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DVDVRRdr_xp

Error - 5/5/2011 4:30:06 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7031
Description = The .NET Runtime Optimization Service v2.0.50727_X86 service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 60000 milliseconds: Restart the service.

Error - 5/5/2011 4:27:27 PM | Computer Name = CHRIS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}.
The
error: "%193" Happened while starting this command: "C:\WINDOWS\system32\WISPTIS.EXE"
-Embedding


< End of report >
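
The Firewall Settings section of the OTL log above shows the DomainProfile opening 139/445 TCP and 137/138 UDP with scope `*`, that is, to any remote address, while the StandardProfile limits the same ports to LocalSubNet. As an added example (not part of the thread or of OTL itself), the following Python parses that section, flags enabled file-sharing rules whose scope is `*`, and prints the hardened LocalSubNet form of each; the rule notation is inferred from the log lines themselves, and the sample text is a constructed cut-down copy of the posted section.

```python
"""Parse the 'Firewall Settings' section of an OTL log and flag GloballyOpenPorts
rules that expose the Windows file-sharing ports to any remote address.

OTL prints each rule as   "port:proto" = port:proto:scope:state:description
where scope is LocalSubNet or * (all addresses). That layout is an assumption
read off the log lines in the thread, not taken from OTL documentation."""
import re
from dataclasses import dataclass, replace
from typing import List, Optional

# NetBIOS name/datagram/session service and SMB over TCP.
FILE_SHARING_PORTS = {137, 138, 139, 445}

# Constructed sample: a cut-down copy of the firewall section posted in the thread.
SAMPLE_OTL = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Disabled:@xpsp2res.dll,-22001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RULE_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*'
    r"(?P=port):(?P=proto):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)


@dataclass(frozen=True)
class PortRule:
    profile: str        # DomainProfile or StandardProfile
    port: int
    proto: str
    scope: str          # 'LocalSubNet' or '*' (any address)
    enabled: bool
    description: str


def parse_open_ports(otl_text: str) -> List[PortRule]:
    """Walk the section line by line, remembering which registry key we are in."""
    rules: List[PortRule] = []
    profile: Optional[str] = None
    for raw in otl_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            parts = key.group("key").split("\\")
            # Only ...\<Profile>\GloballyOpenPorts\List keys hold port rules.
            profile = parts[-3] if parts[-2:] == ["GloballyOpenPorts", "List"] else None
            continue
        m = RULE_RE.match(line)
        if m and profile:
            rules.append(PortRule(profile, int(m["port"]), m["proto"], m["scope"],
                                  m["state"] == "Enabled", m["desc"]))
    return rules


def wildcard_file_sharing_rules(rules: List[PortRule]) -> List[PortRule]:
    """Enabled rules that expose NetBIOS/SMB to any remote address."""
    return [r for r in rules
            if r.enabled and r.scope == "*" and r.port in FILE_SHARING_PORTS]


def harden(rule: PortRule) -> PortRule:
    """Hardened form of a rule: same port and state, scope restricted to LocalSubNet."""
    return replace(rule, scope="LocalSubNet")


def format_rule(rule: PortRule) -> str:
    """Render a rule back in OTL's notation so before/after can be compared directly."""
    state = "Enabled" if rule.enabled else "Disabled"
    return (f'"{rule.port}:{rule.proto}" = '
            f"{rule.port}:{rule.proto}:{rule.scope}:{state}:{rule.description}")


if __name__ == "__main__":
    for r in wildcard_file_sharing_rules(parse_open_ports(SAMPLE_OTL)):
        print(f"[{r.profile}] before: {format_rule(r)}")
        print(f"[{r.profile}] after:  {format_rule(harden(r))}")
```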

Re: Random Script Errors and audio files?

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: Random Script Errors and audio files?

Thanks for the reply Belahzur! I appreciate the assistance.

Okay, so I attempted to run Combofix a few times. The first time, it didn't make it to the recovery prompts or the scan; very early on, it popped up a message saying I had a rootkit in one of my drivers, volsnap.sys, and that it was going to attempt to fix it. I got the BSOD during this process, and upon reboot there's a notepad doc under the Combofix icon on my desktop called "catchme.log". Here's the contents of that doc:

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully
File list cleared

I tried running Combofix again, got through all the recovery steps, got a few minutes into the scan, and the BSOD popped up again. I rebooted and ran it again and got the same result. The combofix.txt file hasn't been created; I tried opening it using the "run" feature and Windows can't find it. Any advice on what to do next? Thank you.

Re: Random Script Errors and audio files?

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: Random Script Errors and audio files?

TDSSkiller didn't find anything. Here's the log:

2011/05/06 08:24:32.0625 2892 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/06 08:24:33.0031 2892 ================================================================================
2011/05/06 08:24:33.0031 2892 SystemInfo:
2011/05/06 08:24:33.0031 2892
2011/05/06 08:24:33.0031 2892 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/06 08:24:33.0031 2892 Product type: Workstation
2011/05/06 08:24:33.0031 2892 ComputerName: CHRIS
2011/05/06 08:24:33.0031 2892 UserName: Admin
2011/05/06 08:24:33.0031 2892 Windows directory: C:\WINDOWS
2011/05/06 08:24:33.0031 2892 System windows directory: C:\WINDOWS
2011/05/06 08:24:33.0031 2892 Processor architecture: Intel x86
2011/05/06 08:24:33.0031 2892 Number of processors: 1
2011/05/06 08:24:33.0031 2892 Page size: 0x1000
2011/05/06 08:24:33.0031 2892 Boot type: Normal boot
2011/05/06 08:24:33.0031 2892 ================================================================================
2011/05/06 08:24:33.0687 2892 Initialize success
2011/05/06 08:24:38.0265 0284 ================================================================================
2011/05/06 08:24:38.0265 0284 Scan started
2011/05/06 08:24:38.0265 0284 Mode: Manual;
2011/05/06 08:24:38.0265 0284 ================================================================================
2011/05/06 08:25:01.0406 0284 ================================================================================
2011/05/06 08:25:01.0406 0284 Scan finished
2011/05/06 08:25:01.0406 0284 ================================================================================

Re: Random Script Errors and audio files?

Hmm, try Combofix one more time and see if it BSODs again.

Re: Random Script Errors and audio files?

Just ran Combofix again and got the same result: the autoscan runs for a few minutes, then BSOD.

However, at this point, it seems that the previously described malware is no longer affecting me. I'm no longer getting redirected when clicking Google links, and there are no script errors or random audio clips. Is my computer all better now? Should I be concerned that Combofix still crashes?

Thanks Belahzur!

Re: Random Script Errors and audio files?

Not just yet.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Re: Random Script Errors and audio files?

I ran GMER, here's my log:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-11 11:41:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.10
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxtdqpod.sys


---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 01100000-021F2000 (17768448 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----


Thanks Belahzur.
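
An added example, not from this thread and not GMER's own code: a small Python parser for the GMER log format used in the instructions and the log above. It pulls the Modules and Registry sections apart, checks that each module's address range agrees with its byte count, and flags entries GMER marks "hidden" or lists with no name. The sample input is the posted log embedded as a constructed string; the regexes are written against the line shapes in that log (other GMER sections, such as SSDT or Files, are not handled), and nothing here infers how GMER decided a module was hidden, since the log does not say.

```python
"""Triage a GMER rootkit-scan log: parse sections, sanity-check module entries.

Added example for the thread above; not part of GMER. Regexes assume the
line shapes seen in the posted GMER 1.0.15 log.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the Modules and Registry lines from the posted log.
SAMPLE_LOG = r"""
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-11 11:41:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.10
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxtdqpod.sys


---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 01100000-021F2000 (17768448 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

---- EOF - GMER 1.0.15 ----
"""

WINDOWS_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# "---- Modules - GMER 1.0.15 ----" -> section name "Modules"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "Module (noname) (*** hidden *** ) 01100000-021F2000 (17768448 bytes)"
MODULE_RE = re.compile(
    r"^Module\s+(?P<name>.+?)\s+(?:\((?P<flags>[^)]*)\)\s+)?"
    r"(?P<start>[0-9A-Fa-f]+)-(?P<end>[0-9A-Fa-f]+)\s+\((?P<size>\d+) bytes\)$"
)


@dataclass
class Module:
    name: str
    flags: str
    start: int
    end: int
    size: int

    @property
    def hidden(self) -> bool:
        return "hidden" in self.flags.lower()

    @property
    def size_consistent(self) -> bool:
        # GMER prints both an address range and a byte count; they should agree.
        return self.end - self.start == self.size


def parse_gmer_log(text: str) -> dict:
    """Split the log into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line)
    return sections


def parse_modules(lines) -> list:
    mods = []
    for line in lines:
        m = MODULE_RE.match(line)
        if m:
            mods.append(Module(m["name"], m["flags"] or "",
                               int(m["start"], 16), int(m["end"], 16), int(m["size"])))
    return mods


def parse_registry(lines) -> dict:
    """'Reg <key>@<value> <data>' -> {(key, value): data}; data may be empty."""
    entries = {}
    for line in lines:
        if line.startswith("Reg "):
            key, _, rest = line[4:].partition("@")
            value_name, _, data = rest.partition(" ")
            entries[(key, value_name)] = data
    return entries


def triage(text: str) -> list:
    """Return human-readable findings worth a second look."""
    sections = parse_gmer_log(text)
    findings = []
    for mod in parse_modules(sections.get("Modules", [])):
        if mod.hidden or mod.name == "(noname)":
            findings.append(f"module {mod.name} flagged '{mod.flags.strip()}' at "
                            f"{mod.start:08X}-{mod.end:08X} ({mod.size} bytes)")
        if not mod.size_consistent:
            findings.append(f"module {mod.name}: range/size mismatch "
                            f"({mod.end - mod.start} vs {mod.size} bytes)")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

On the posted log this yields exactly one finding, the unnamed hidden module at 01100000-021F2000, whose 17768448-byte size matches its address range; the registry lines parse to plain key/value pairs and raise no finding on their own.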

Re: Random Script Errors and audio files?

Hmm, a hidden module. Let's see if we can track it down.

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Re: Random Script Errors and audio files?

I just ran the scan, as soon as it got to the end of scanning all the files, I got a Windows Application Error that said:

"The instruction at "0x00434884" referenced memory at "0x00140000". The memory could not be "read"".

"Then Click OK to terminate, CANCEL to debug the program."

I clicked OK, reopened the program, and the report tab is empty. Any ideas?

Thank you.

Re: Random Script Errors and audio files?

Hmm, how is the machine running?

Re: Random Script Errors and audio files?

It seems to be running just fine, everything in my day-to-day activity seems to be back to normal.

Re: Random Script Errors and audio files?

Just run this for me, I'm still curious about that hidden module.

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.
