Solved Beat Window Repair! Stuck with Random Sound, Google Redirect virus & script errors

Status
Not open for further replies.
ComboFix 11-04-17.03 - Parent 04/18/2011 12:08:35.3.1 - x86
Running from: c:\documents and settings\Parent\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Parent\My Documents\CFScript.txt
.
FILE ::
"c:\docume~1\Parent\LOCALS~1\Temp\ZULNDSHL.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system\oeminfo.ini
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ZULNDSHL
-------\Service_ZULNDSHL
.
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-18 15:18 . 2011-04-18 15:18 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-04-18 15:18 . 2011-04-18 15:18 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-04-18 15:18 . 2011-04-18 15:18 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-04-18 15:18 . 2011-04-18 15:18 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-04-14 18:52 . 2011-04-14 19:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-14 16:51 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 16:51 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-14 16:51 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-14 16:51 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-14 16:51 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-14 16:51 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-14 16:51 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-14 16:51 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-14 16:50 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-14 16:50 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-14 16:50 . 2011-04-14 16:50 -------- d-----w- c:\program files\AVAST Software
2011-04-14 16:50 . 2011-04-14 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-12 21:15 . 2011-04-12 21:15 388096 ----a-r- c:\documents and settings\Parent\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-04 04:06 . 2011-04-04 04:06 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-04 04:00 . 2011-04-04 04:00 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\Sunbelt Software
2011-04-04 03:42 . 2011-04-18 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-04 03:42 . 2011-04-04 03:42 -------- d-----w- c:\program files\Lavasoft
2011-04-03 03:13 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 03:13 . 2011-04-03 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 03:05 . 2011-04-03 03:05 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-04-02 22:03 . 2011-04-02 22:03 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\PackageAware
2011-04-01 16:37 . 2011-04-04 16:49 -------- d-----w- c:\program files\Windows Live Safety Center
2011-04-01 16:18 . 2002-12-31 12:00 4224 ----a-w- c:\windows\system32\beep.sys
2011-04-01 01:30 . 2011-04-01 01:31 -------- d-----w- C:\ca7a77c2a8b4afc14cc4c4
2011-04-01 01:19 . 2011-04-01 01:19 -------- d-----w- c:\windows\system32\GroupPolicy
2011-03-31 23:34 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-21 18:49 . 2011-03-21 18:49 -------- d-----w- c:\documents and settings\Parent\Application Data\Unity
2011-03-21 18:39 . 2011-03-21 18:39 -------- d-----w- c:\documents and settings\Parent\Local Settings\Application Data\Unity
2011-03-21 18:32 . 2011-03-21 18:32 1409 ----a-w- c:\windows\QTFont.for
2011-03-21 18:32 . 2011-03-21 18:32 -------- d-----w- c:\program files\Blaster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 20:15 . 2008-08-30 15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-23 20:15 . 2011-01-23 20:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-25 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
.
R1 MpKsl0880951c;MpKsl0880951c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCF2D3AA-02E6-4C66-A278-535556FCAB15}\MpKsl0880951c.sys [x]
R1 MpKsl220bf6b1;MpKsl220bf6b1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12E0912F-7805-4375-9D63-66459C119050}\MpKsl220bf6b1.sys [x]
R1 MpKsl410b4a1e;MpKsl410b4a1e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12E0912F-7805-4375-9D63-66459C119050}\MpKsl410b4a1e.sys [x]
R1 MpKsl4ad2c2ce;MpKsl4ad2c2ce;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B11DBB3-7A29-4226-9ACF-0AA015CCE8D3}\MpKsl4ad2c2ce.sys [x]
R1 MpKsl60c5c3e1;MpKsl60c5c3e1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DCF2D3AA-02E6-4C66-A278-535556FCAB15}\MpKsl60c5c3e1.sys [x]
R1 MpKsl8efd0456;MpKsl8efd0456;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E652C3C9-B2F7-499E-853B-071F3CEAFE66}\MpKsl8efd0456.sys [x]
R1 MpKsla456af21;MpKsla456af21;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{807DAD6B-20F4-490D-8D24-D045AC1C9AC8}\MpKsla456af21.sys [x]
R1 MpKsld1cd1d70;MpKsld1cd1d70;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12E0912F-7805-4375-9D63-66459C119050}\MpKsld1cd1d70.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\DRIVERS\LSWLUSB.sys [2002-06-07 54083]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:45]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:45]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322712386-359561344-2389969595-1003Core.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-19 20:45]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322712386-359561344-2389969595-1003UA.job
- c:\documents and settings\Parent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-19 20:45]
.
2011-04-14 c:\windows\Tasks\Norton Security Scan for Parent.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-30 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 12:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-04-18 12:23:07
ComboFix-quarantined-files.txt 2011-04-18 16:23
.
Pre-Run: 62,698,266,624 bytes free
Post-Run: 62,737,125,376 bytes free
.
- - End Of File - - 33DBFCC98081BCFFDFD7BFD7CD17CB04
 
Good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is running better that ever! I will be performing the above later. Have five kids home for spring break. Thank you for all your help.
 
I downloaded OTL.exe and received this error message when trying to run it:
C:\Documents and Settings|\Parent\Desktop\OTL.exe is not a valid Win32 Application.
 
OTL logfile created on: 4/19/2011 3:12:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Parent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 58.41 Gb Free Space | 78.37% Space Free | Partition Type: NTFS

Computer Name: K12-B0A07AEA2F9 | User Name: Parent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 15:10:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/10/04 04:11:40 | 004,530,176 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12CFG.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 15:10:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2005/03/24 17:21:22 | 000,038,937 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/03/26 13:08:54 | 000,122,112 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnet58lx.sys -- (FVNETusb)
DRV - [2002/12/31 08:00:00 | 004,356,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2002/12/31 08:00:00 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/31 08:00:00 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/31 08:00:00 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2002/06/07 06:31:26 | 000,054,083 | R--- | M] (The Linksys Group, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LSWLUSB.sys -- (WUSB12)
DRV - [2000/10/15 17:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.k12.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2322712386-359561344-2389969595-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2322712386-359561344-2389969595-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/07 18:28:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/24 18:50:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/15 16:12:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12CFG.exe (The Linksys Group, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2322712386-359561344-2389969595-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2322712386-359561344-2389969595-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2322712386-359561344-2389969595-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2322712386-359561344-2389969595-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1179847293578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_07)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Parent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Parent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/24 18:35:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 15:10:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
[2011/04/19 15:09:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/15 12:03:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/15 11:50:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/15 11:50:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/15 11:50:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/15 11:50:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/15 11:45:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 11:44:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/15 11:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\logs
[2011/04/14 15:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\malware
[2011/04/14 15:24:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Parent\My Documents\TFC.exe
[2011/04/14 14:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/14 12:51:29 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/14 12:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/04/14 12:51:28 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/14 12:51:25 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/14 12:51:24 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/14 12:51:24 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/14 12:51:22 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/14 12:51:22 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/14 12:51:22 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/14 12:50:38 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/14 12:50:36 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/14 12:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/14 12:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/12 14:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Desktop\RootkitRevealer
[2011/04/07 09:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/04 00:06:42 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/04 00:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\Sunbelt Software
[2011/04/03 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/03 23:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/02 23:13:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/02 23:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/02 23:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/02 23:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/04/02 22:49:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Parent\Recent
[2011/04/02 18:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\PackageAware
[2011/04/02 13:57:48 | 006,836,912 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Parent\My Documents\mbam-rules.exe
[2011/04/01 12:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/04/01 09:44:13 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Parent\My Documents\avg_isct_stb_all_2011_1209.exe
[2011/03/31 21:30:43 | 000,000,000 | ---D | C] -- C:\ca7a77c2a8b4afc14cc4c4
[2011/03/31 21:19:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/03/31 19:06:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/21 14:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Application Data\Unity
[2011/03/21 14:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Parent\Local Settings\Application Data\Unity
[2011/03/21 14:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Blaster
[2011/03/21 14:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Blaster
[1 C:\Documents and Settings\Parent\My Documents\*.tmp files -> C:\Documents and Settings\Parent\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/19 15:10:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe
[2011/04/19 14:58:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/19 14:58:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/19 14:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/19 14:57:26 | 468,008,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 11:36:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/19 11:25:13 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2322712386-359561344-2389969595-1003UA.job
[2011/04/18 11:57:46 | 004,324,176 | R--- | M] () -- C:\Documents and Settings\Parent\My Documents\ComboFix.exe
[2011/04/16 16:28:05 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2322712386-359561344-2389969595-1003Core.job
[2011/04/15 16:12:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/15 15:56:34 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\Shortcut to ComboFix.exe.lnk
[2011/04/15 12:04:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/15 11:34:31 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\MBRCheck.exe
[2011/04/14 21:25:07 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\dds.scr
[2011/04/14 19:10:26 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\3235yf8f.exe
[2011/04/14 19:09:45 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/14 19:09:45 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/14 15:24:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\My Documents\TFC.exe
[2011/04/14 15:16:31 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Parent.job
[2011/04/14 12:45:58 | 054,154,640 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\setup_av_free_eng.exe
[2011/04/14 11:15:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/12 14:55:03 | 000,231,390 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\RootkitRevealer.zip
[2011/04/08 07:20:38 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/04/04 00:06:42 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/02 23:13:55 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 20:26:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 19:36:39 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\HijackThis.msi
[2011/04/02 18:29:18 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\iExplore.exe
[2011/04/02 13:57:48 | 006,836,912 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Parent\My Documents\mbam-rules.exe
[2011/04/01 10:42:37 | 571,322,368 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
[2011/04/01 09:52:43 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\WindowsDefender.msi
[2011/04/01 09:44:25 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Parent\My Documents\avg_isct_stb_all_2011_1209.exe
[2011/03/31 19:23:58 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/31 17:28:49 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\Dateline
[2011/03/31 17:28:02 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/31 17:28:01 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\Google Chrome.lnk
[2011/03/31 17:20:50 | 000,456,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/31 17:20:49 | 000,112,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/29 22:33:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\45553.ini
[2011/03/29 22:33:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\45550.ini
[2011/03/26 10:50:14 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Parent\jagex_runescape_preferences.dat
[2011/03/26 10:49:51 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Parent\jagex_runescape_preferences2.dat
[2011/03/21 14:35:38 | 000,054,156 | ---- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/21 14:32:49 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[1 C:\Documents and Settings\Parent\My Documents\*.tmp files -> C:\Documents and Settings\Parent\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/15 15:56:34 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\Shortcut to ComboFix.exe.lnk
[2011/04/15 12:04:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/15 12:03:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/15 11:50:55 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/15 11:50:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/15 11:50:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/15 11:50:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/15 11:50:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/15 11:40:49 | 004,324,176 | R--- | C] () -- C:\Documents and Settings\Parent\My Documents\ComboFix.exe
[2011/04/15 11:34:30 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\MBRCheck.exe
[2011/04/14 21:24:56 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\dds.scr
[2011/04/14 19:10:13 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\3235yf8f.exe
[2011/04/14 15:36:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/14 15:36:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/14 12:45:58 | 054,154,640 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\setup_av_free_eng.exe
[2011/04/12 14:55:01 | 000,231,390 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\RootkitRevealer.zip
[2011/04/07 09:59:22 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/04/07 09:59:21 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/04/02 23:13:55 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/02 22:21:27 | 468,008,960 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/02 19:36:34 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\HijackThis.msi
[2011/04/02 18:29:07 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\iExplore.exe
[2011/04/01 10:51:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/01 10:42:37 | 571,322,368 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
[2011/04/01 09:52:43 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\Parent\My Documents\WindowsDefender.msi
[2011/03/31 19:12:39 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/31 17:28:49 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Parent\Desktop\Dateline
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\45553.ini
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\45550.ini
[2011/03/21 14:32:49 | 000,054,156 | ---- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/03/21 14:32:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/03/18 13:18:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/05 12:43:51 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/10/29 12:25:12 | 000,000,122 | ---- | C] () -- C:\WINDOWS\tlcapps.ini
[2010/09/04 13:08:28 | 000,019,519 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/01 14:49:54 | 000,000,314 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2010/05/01 14:48:08 | 000,001,204 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/11/05 16:28:07 | 000,001,127 | ---- | C] () -- C:\WINDOWS\ereg077.dat
[2009/11/05 16:26:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/10/25 13:55:04 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.dll
[2009/06/04 16:03:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/08/25 09:35:51 | 000,137,607 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2008/08/25 09:35:51 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2007/05/22 11:03:35 | 000,095,062 | ---- | C] () -- C:\WINDOWS\ALT Access Uninstaller.exe
[2007/04/25 12:14:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/25 10:49:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/25 10:38:00 | 000,639,933 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2007/04/25 10:38:00 | 000,000,670 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/04/24 18:40:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/24 18:32:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/24 14:22:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/24 14:21:17 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/12/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/12/31 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/12/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/12/31 08:00:00 | 000,456,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/12/31 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/12/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/12/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/12/31 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/12/31 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/12/31 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/12/31 08:00:00 | 000,112,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/12/31 08:00:00 | 000,112,425 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2002/12/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/12/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/12/31 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/12/31 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/12/31 08:00:00 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/12/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/14 12:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/05/02 12:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/02/01 19:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/02 22:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parent\Application Data\aignes
[2011/03/28 10:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parent\Application Data\Elluminate
[2011/02/01 18:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parent\Application Data\Registry Mechanic
[2011/03/21 14:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parent\Application Data\Unity

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/17 21:22:24 | 000,007,164 | ---- | M] () -- C:\aaw7boot.log
[2007/04/24 18:35:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/24 00:49:42 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/15 12:04:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/18 12:23:08 | 000,012,218 | ---- | M] () -- C:\ComboFix.txt
[2007/04/24 18:35:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/19 14:57:26 | 468,008,960 | -HS- | M] () -- C:\hiberfil.sys
[2007/04/24 18:35:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/04/24 18:35:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/12/31 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/02/01 18:43:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/19 14:57:25 | 701,911,040 | -HS- | M] () -- C:\pagefile.sys
[2004/03/17 18:13:46 | 001,028,368 | ---- | M] (Microsoft Corporation) -- C:\vbrun60sp6.exe

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/04/24 18:34:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/12/11 11:28:22 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/04/24 14:20:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/04/24 14:20:52 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/04/24 14:20:52 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/02/01 18:54:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/04/25 09:24:18 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/04/25 09:24:17 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Parent\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/02 18:29:18 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Parent\Desktop\iExplore.exe
[2011/04/19 15:10:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/04/14 19:10:26 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\3235yf8f.exe
[2011/04/01 09:44:25 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Parent\My Documents\avg_isct_stb_all_2011_1209.exe
[2011/04/18 11:57:46 | 004,324,176 | R--- | M] () -- C:\Documents and Settings\Parent\My Documents\ComboFix.exe
[2011/04/02 13:57:48 | 006,836,912 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Parent\My Documents\mbam-rules.exe
[2011/04/15 11:34:31 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\MBRCheck.exe
[2011/04/01 09:54:13 | 063,976,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Parent\My Documents\mpam-fe.exe
[2011/04/01 09:49:57 | 015,276,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Parent\My Documents\mpas-fe.exe
[2011/03/31 21:07:34 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Parent\My Documents\mseinstall.exe
[2011/04/14 12:45:58 | 054,154,640 | ---- | M] () -- C:\Documents and Settings\Parent\My Documents\setup_av_free_eng.exe
[2011/04/14 15:24:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Parent\My Documents\TFC.exe
[2011/04/01 17:05:57 | 012,502,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Parent\My Documents\windows-kb890830-v3.17.exe
[2011/04/01 08:48:56 | 012,987,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Parent\My Documents\windows-kb890830-x64-v3.17.exe
[1 C:\Documents and Settings\Parent\My Documents\*.tmp files -> C:\Documents and Settings\Parent\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/04/25 09:24:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Parent\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
ALT Access Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/18 09:19:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Parent\Cookies\desktop.ini
[2011/04/19 15:09:13 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\Parent\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 20:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/02 14:07:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/04/13 20:11:59 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 14:07:27 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 14:04:01 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
 
OTL Extras logfile created on: 4/19/2011 3:12:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Parent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 18.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 58.41 Gb Free Space | 78.37% Space Free | Partition Type: NTFS

Computer Name: K12-B0A07AEA2F9 | User Name: Parent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2322712386-359561344-2389969595-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{081CC220-41DC-11D4-BFF9-005004D39736}" = Slot Car Racing
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1271176E-D68F-4E6A-9ED2-A1ED841852F5}" = Instant Wireless Compact USB Adapter Configuration Utility
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142070}" = Java 2 Runtime Environment, SE v1.4.2_07
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{D859D35F-E947-4F2A-8591-C76A4D116178}" = Dora Backpack
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"aigneslocalwebsitearchive" = Local Website Archive 3.1.1
"ALT Access" = ALT Access
"Arthur's 1st Grade" = Arthur's 1st Grade
"Arthur's Camping Adventure" = Arthur's Camping Adventure
"Arthur's Kindergarten" = Arthur's Kindergarten
"Arthur's Math Games" = Arthur's Math Games
"Arthur's Reading Games" = Arthur's Reading Games
"Arthur's Reading Race" = Arthur's Reading Race
"Arthur's Thinking Games" = Arthur's Thinking Games
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Bots of Fun - 10 Great Robots Games!" = Bots of Fun - 10 Great Robots Games!
"Dora's World Adventure" = Dora's World Adventure
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Julie Saves the Eagles" = Julie Saves the Eagles (remove only)
"JumpStart Advanced Kindergarten" = JumpStart Advanced Kindergarten
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"Rainbow Fish-U.S. English" = Rainbow Fish
"Reader Rabbit Personalized 2nd Grade" = Reader Rabbit Personalized 2nd Grade
"RealPlayer 6.0" = RealPlayer
"TS2AC" = Toy Story 2 Activity Center
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2322712386-359561344-2389969595-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2011 9:33:28 AM | Computer Name = K12-B0A07AEA2F9 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/11/2011 9:33:28 AM | Computer Name = K12-B0A07AEA2F9 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/11/2011 11:12:18 AM | Computer Name = K12-B0A07AEA2F9 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This operation returned because the timeout period expired.

Error - 1/11/2011 11:12:18 AM | Computer Name = K12-B0A07AEA2F9 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: The specified server cannot perform the requested operation.

Error - 1/12/2011 9:09:07 AM | Computer Name = K12-B0A07AEA2F9 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/12/2011 9:09:07 AM | Computer Name = K12-B0A07AEA2F9 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/12/2011 3:09:23 PM | Computer Name = K12-B0A07AEA2F9 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 1/12/2011 3:09:24 PM | Computer Name = K12-B0A07AEA2F9 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 1/15/2011 5:23:04 PM | Computer Name = K12-B0A07AEA2F9 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/15/2011 5:23:04 PM | Computer Name = K12-B0A07AEA2F9 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 4/19/2011 3:06:09 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:07:12 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:08:15 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:09:18 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:10:21 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:11:24 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:12:28 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:13:31 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:14:34 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.

Error - 4/19/2011 3:15:37 PM | Computer Name = K12-B0A07AEA2F9 | Source = WUSB12 | ID = 5002
Description = Instant Wireless Compact USB Adapter : Has determined that the adapter
is not functioning properly.


< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
[1 C:\Documents and Settings\Parent\My Documents\*.tmp files -> C:\Documents and Settings\Parent\My Documents\*.tmp -> ]
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\45553.ini
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Parent\Application Data\45550.ini
[2011/02/01 18:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parent\Application Data\Registry Mechanic
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
log but not last scans...

All processes killed
========== OTL ==========
Error: Unable to stop service mfetdik!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik deleted successfully.
C:\WINDOWS\system32\drivers\mfetdik.sys moved successfully.
Service MfeRKDK stopped successfully!
Service MfeRKDK deleted successfully!
C:\WINDOWS\system32\drivers\mferkdk.sys moved successfully.
C:\Documents and Settings\Parent\My Documents\~WRL3316.tmp deleted successfully.
C:\Documents and Settings\Parent\Application Data\45553.ini moved successfully.
C:\Documents and Settings\Parent\Application Data\45550.ini moved successfully.
C:\Documents and Settings\Parent\Application Data\Registry Mechanic folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Parent
->Temp folder emptied: 31197403 bytes
->Temporary Internet Files folder emptied: 78154212 bytes
->Java cache emptied: 2027 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 15516 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85983 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 76092 bytes

Total Files Cleaned = 105.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Parent
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04212011_125013

Files\Folders moved on Reboot...
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\NCNY1I18\60x600;ord=1303401520250;u=i_8614416228073323206_m_175507;dcopt=ist;tile=1;um=0;us=13;eb_trk=175507;pr=20;xp=20;np=20;uz=;cg=78baa88112f0a0aa17307440fef0e1ce[1].htm moved successfully.
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\NCNY1I18\topic163804-2[3].html moved successfully.
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\1V8RD2AC\i[3].html moved successfully.
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\1V8RD2AC\likebox[1].htm moved successfully.
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\1V8RD2AC\sh39[1].html moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
Security Check:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_07
Out of date Java installed!
Adobe Flash Player 9.0.124.0
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
 
Uninstall:
Java(TM) 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_07

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.


...and Eset....
 
ESET log:

C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP469\A0753878.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP469\A0753879.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP469\A0753880.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP469\A0753881.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP469\A0753882.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP469\A0753883.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{F03E52E3-72EA-4EDF-970E-B80C1EDDBEE3}\RP482\A0769360.sys Win32/Olmasco.E trojan
 
All findings are in your restore points, which we're about to reset...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Ran OTL to reset sytem restore here is the log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Parent
->Temp folder emptied: 22499 bytes
->Temporary Internet Files folder emptied: 18946102 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 685 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19015 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Parent
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_070657

Files\Folders moved on Reboot...
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\XER81YT3\sh39[1].html moved successfully.
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\7NFNB59A\partner[1].htm moved successfully.
C:\Documents and Settings\Parent\Local Settings\Temporary Internet Files\Content.IE5\6GSQMCQU\topic163804-2[2].html moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
Status
Not open for further replies.

Similar threads

learninmypc
Solved Slow to boot up & shut down
Replies
6
Views
4K
Broni
Broni
D
Solved Very Slow on Startup, Constantly Unresponsive and Script and Plugin Errors
Replies
21
Views
13K
Broni
Broni
H
BSOD, now stuck on startup repair
Replies
1
Views
2K
Tmagic650
Tmagic650

Latest posts

Back