Internet Security Virus xp [Closed]
#1
Posted 13 April 2012 - 08:21 PM
#2
Posted 14 April 2012 - 12:49 PM
- Download RogueKiller and save it on your desktop.
- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on Scan
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
- The report has been created on the desktop.
- Next click on the ShortcutsFix
- The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
NEXT
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
THEN
Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
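A triage helper for the RKreport.txt files this post asks for, added here as an example (it is not RogueKiller's code nor anything posted in this thread): it parses the `[TAG] detail -> STATUS` finding lines under each `¤¤¤ section ¤¤¤` header and lists what is still unresolved after the Remove pass, which is what a helper checks when reading a Scan report against the Remove report that follows it. The sample input is constructed from a handful of lines taken from the reports posted later in this thread.

```python
"""Triage helper for RogueKiller RKreport*.txt files (added example, not RogueKiller's code).
Parses the '[TAG] detail -> STATUS' finding lines under each '¤¤¤ Section ¤¤¤' header
and reports what is still unresolved, i.e. what a helper compares between Scan and Remove."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*:\s*(?P<rest>.*?)\s*¤¤¤\s*$")
MODE_RE = re.compile(r"^Mode:\s*(?P<mode>.+?)\s+--\s+Date:\s*(?P<date>.+?)\s*$")
FINISHED_RE = re.compile(r"^Finished\s*:\s*<<\s*(?P<file>RKreport\[\d+\]\.txt)\s*>>")
# Matches '[BLACKLIST DLL] ... -> FOUND', '[FAKED] ... --> CANNOT FIX', '[HJ] ... -> REPLACED (0)'
FINDING_RE = re.compile(
    r"^\[(?P<tag>[A-Z][A-Z ]*)\]\s+(?P<detail>.*?)\s+-{1,2}>\s+"
    r"(?P<status>[A-Z][A-Z ]*?)(?:\s*\(.*\))?\s*$"
)
# Statuses meaning the tool left the item in place; these need manual follow-up.
UNRESOLVED = {"FOUND", "CANNOT FIX"}


def split_reports(text):
    """Split a pasted blob of several RKreports at each 'Finished :' line."""
    reports, current = [], []
    for line in text.splitlines():
        current.append(line)
        if FINISHED_RE.match(line.strip()):
            reports.append("\n".join(current))
            current = []
    # The trailing 'RKreport[1].txt ; RKreport[2].txt' listing has no Mode line: not a report.
    if any(MODE_RE.match(l.strip()) for l in current):
        reports.append("\n".join(current))
    return reports


def parse_report(text):
    """Return {'mode', 'date', 'file', 'findings': [(section, tag, detail, status), ...]}."""
    out = {"mode": None, "date": None, "file": None, "findings": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            out["mode"], out["date"] = m.group("mode"), m.group("date")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINISHED_RE.match(line)
        if m:
            out["file"] = m.group("file")
            continue
        m = FINDING_RE.match(line)  # lines like '[MBR] <hash>' carry no status and are skipped
        if m and section is not None:
            out["findings"].append((section, m.group("tag"), m.group("detail"), m.group("status")))
    return out


def status_counts(report):
    """Count findings by (tag, status), e.g. ('BLACKLIST DLL', 'DELETED') -> 1."""
    return Counter((tag, status) for _, tag, _, status in report["findings"])


def unresolved(report):
    """Findings the tool did not neutralise; in a Remove report these still need attention."""
    return [f for f in report["findings"] if f[3] in UNRESOLVED]


# Constructed sample: a Scan pass and the Remove pass that followed it, trimmed to a few
# of the lines from the reports posted in this thread (pasted as one blob, as users do).
SAMPLE = r"""RogueKiller V7.3.2 [03/20/2012] by Tigzy
Mode: Scan -- Date: 04/18/2012 19:28:17
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] narrcmgr.dll -- C:\WINDOWS\narrcmgr.dll -> UNLOADED
¤¤¤ Registry Entries: 12 ¤¤¤
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST] HKLM\[...]\services : 06409193 (06409193.sys) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
¤¤¤ MBR Check: ¤¤¤
[MBR] ce2cb247e2dd619f15d73b7a5899cffa
Finished : << RKreport[1].txt >>
RKreport[1].txt
Mode: Remove -- Date: 04/18/2012 19:29:58
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] narrcmgr.dll -- C:\WINDOWS\narrcmgr.dll -> UNLOADED
¤¤¤ Registry Entries: 10 ¤¤¤
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST] HKLM\[...]\services : 06409193 (06409193.sys) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
"""

if __name__ == "__main__":
    for rep in map(parse_report, split_reports(SAMPLE)):
        print(f"{rep['file']} ({rep['mode']} {rep['date']}): {len(rep['findings'])} findings")
        for (tag, status), n in sorted(status_counts(rep).items()):
            print(f"  {n:2d} x [{tag}] {status}")
        for section, tag, detail, status in unresolved(rep):
            print(f"  still {status}: [{tag}] {detail}")
```

In the sample the only item still unresolved after the Remove pass is the [FAKED] driver marked CANNOT FIX, which is exactly the kind of leftover the helper's next step (the OTL md5 check of system files and drivers) is meant to look at.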
#3
Posted 18 April 2012 - 11:12 AM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#5
Posted 21 April 2012 - 10:26 AM
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brandon Zoladz [Admin rights]
Mode: Scan -- Date: 04/18/2012 19:28:17
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] narrcmgr.dll -- C:\WINDOWS\narrcmgr.dll -> UNLOADED
¤¤¤ Registry Entries: 12 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-515967899-1614895754-725345543-1004[...]\Run : MusicManager ("C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-515967899-1614895754-725345543-1004_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> FOUND
[BLACKLIST] HKLM\[...]\services : 06409193 (06409193.sys) -> FOUND
[BLACKLIST] HKLM\[...]\services : 06409193 (06409193.sys) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD600BB-75CAA0 +++++
--- User ---
[MBR] ce2cb247e2dd619f15d73b7a5899cffa
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 57184 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brandon Zoladz [Admin rights]
Mode: Remove -- Date: 04/18/2012 19:29:58
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] narrcmgr.dll -- C:\WINDOWS\narrcmgr.dll -> UNLOADED
¤¤¤ Registry Entries: 10 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") -> DELETED
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-19_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-20_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-21-515967899-1614895754-725345543-1004_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brandon Zoladz\Application Data\acccore\acccore\klzgc.dll",DllRegisterServer) -> DELETED
[BLACKLIST] HKLM\[...]\services : 06409193 (06409193.sys) -> DELETED
[BLACKLIST] HKLM\[...]\services : 06409193 (06409193.sys) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD600BB-75CAA0 +++++
--- User ---
[MBR] ce2cb247e2dd619f15d73b7a5899cffa
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 57184 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Brandon Zoladz [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/18/2012 19:31:56
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] narrcmgr.dll -- C:\WINDOWS\narrcmgr.dll -> UNLOADED
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 7 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 52 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 140 / Fail 0
Backup: [NOT FOUND]
Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
OTL logfile created on: 4/19/2012 3:45:03 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Brandon Zoladz\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
255.01 Mb Total Physical Memory | 62.17 Mb Available Physical Memory | 24.38% Memory free
617.64 Mb Paging File | 223.00 Mb Available in Paging File | 36.10% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 44.14 Gb Free Space | 79.04% Space Free | Partition Type: NTFS
Computer Name: BRANDON-6J16ADV | User Name: Brandon Zoladz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/19 15:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Zoladz\My Documents\Downloads\OTL.exe
PRC - [2012/03/25 17:08:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/01/11 14:59:48 | 009,068,960 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\devices.exe
PRC - [2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 03:56:48 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/25 17:08:09 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/16 13:30:24 | 000,084,992 | ---- | M] () -- C:\WINDOWS\narrcmgr.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/12/29 19:14:08 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/13 22:08:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/04 10:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2010/08/04 17:41:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...susaimc00000001
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - SOFTWARE\Classes\CLSID\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\InprocServer32 File not found
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Brandon Zoladz\Application Data\Move Networks\plugins\npqmp071701000002.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Brandon Zoladz\Application Data\Move Networks\plugins\npqmp071701000002.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01023 [2012/04/04 13:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 18:41:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Brandon Zoladz\Application Data\Move Networks [2010/03/01 21:45:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01023 [2012/04/04 13:52:24 | 000,000,000 | ---D | M]
[2010/02/11 19:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Extensions
[2012/03/08 20:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions
[2010/08/07 00:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/08/09 18:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/07 00:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2011/06/20 18:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/20 18:41:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/25 17:08:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/06/20 18:40:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/25 17:08:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/25 17:08:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2002/06/25 17:38:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll File not found
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {F99BD4F5-D402-4c21-A8BC-510830B6BE37} - C:\WINDOWS\system32\AcroIEHelpe095.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-515967899-1614895754-725345543-1004..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1614895754-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52747E32-40E9-45DB-8DDF-E3BA3D74C225}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc19194a-e7b8-11df-8eff-00c0a88c14ba}\Shell - "" = AutoRun
O33 - MountPoints2\{fc19194a-e7b8-11df-8eff-00c0a88c14ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc19194a-e7b8-11df-8eff-00c0a88c14ba}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: fingltmc - (C:\WINDOWS\narrcmgr.dll) - C:\WINDOWS\narrcmgr.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/04/18 19:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\RK_Quarantine
[2012/04/13 21:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\A2PESTTG
[2012/04/04 13:52:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01023
[2012/04/02 16:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\tombradypatsqb
[2012/04/02 16:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\tombradypatsqb
[2012/04/02 10:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01022
[2012/03/31 01:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/30 13:53:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01021
[2012/03/28 15:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01020
[2012/03/27 13:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\xp_exe_fix(1)
[2012/03/27 13:01:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/27 13:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Application Data\Malwarebytes
[2012/03/27 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\RegSeeker
[2012/03/26 13:24:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01019
[2012/03/25 16:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\admintools
[2012/03/25 16:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\accrestore(2)
[2012/03/25 15:54:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/25 15:52:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/03/25 15:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2012/03/21 19:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/19 15:48:27 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\tlyu90un.default.dat
[2012/04/19 14:58:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1614895754-725345543-1004UA.job
[2012/04/19 14:00:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 07:57:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1614895754-725345543-1004Core.job
[2012/04/18 18:03:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100728180332.job
[2012/04/17 17:49:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/17 17:49:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/13 22:08:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/09 19:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 19:52:18 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012/04/03 11:21:59 | 000,226,808 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe095.dll
[2012/04/02 13:18:15 | 000,553,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/02 13:18:15 | 000,095,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/28 18:46:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/25 16:13:59 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Brandon Zoladz\Desktop\Windows XP Tips - Ramesh.url
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/05 22:11:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\tlyu90un.default.dat
[2012/04/03 11:21:59 | 000,226,808 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe095.dll
[2012/03/28 18:46:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/26 13:24:29 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/25 16:13:59 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Brandon Zoladz\Desktop\Windows XP Tips - Ramesh.url
[2012/03/23 08:40:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/19 16:21:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Brandon Zoladz\Application Data\$_hpcst$.hpc
[2012/03/16 13:30:23 | 000,084,992 | ---- | C] () -- C:\WINDOWS\narrcmgr.dll
[2012/03/10 14:11:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/11/04 22:12:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
========== LOP Check ==========
[2010/02/10 21:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/10 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/07/21 16:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/02/14 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/03/15 20:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/16 18:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/08 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Zoladz\Application Data\acccore
[2012/03/10 14:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Zoladz\Application Data\TestApp
[2010/05/31 10:49:48 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1267307140.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2002/06/25 17:38:03 | 001,000,960 | ---- | M] (Microsoft Corporation) MD5=5A26FC6010886D25B3E412493DD95ED8 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\h\explorer.exe
< MD5 for: SVCHOST.EXE >
[2002/06/25 17:47:31 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\tombradypatsqb\Chameleon\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2002/06/25 17:48:55 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\tombradypatsqb\Chameleon\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\winlogon.exe
[2002/06/25 17:50:29 | 000,429,056 | ---- | M] (Microsoft Corporation) MD5=C605FFF733AAD029D6B533E609C8A6E6 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: BRANDON-6J16ADV
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 E CD-ROM 0 B
Volume 2 C NTFS Partition 56 GB Healthy System
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 4/19/2012 3:45:03 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Brandon Zoladz\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
255.01 Mb Total Physical Memory | 62.17 Mb Available Physical Memory | 24.38% Memory free
617.64 Mb Paging File | 223.00 Mb Available in Paging File | 36.10% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 44.14 Gb Free Space | 79.04% Space Free | Partition Type: NTFS
Computer Name: BRANDON-6J16ADV | User Name: Brandon Zoladz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-515967899-1614895754-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{25EF00C6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Consumer DSL 6.1
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECCCF27-CD1F-47CE-AB5A-737511D2A0BD}" = APBA Hockey Commissioner
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"APBA Pro Hockey Commissioner's Assistant" = APBA Pro Hockey Commissioner's Assistant
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DMX5_is1" = DriverMax 5
"doubleTwist" = doubleTwist
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"hp instant support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Display Driver" = NVIDIA Display Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-515967899-1614895754-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"MusicManager" = Music Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/5/2012 12:01:04 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00082381.
Error - 4/6/2012 3:08:07 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 4/13/2012 3:03:36 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x000823da.
Error - 4/13/2012 5:14:18 PM | Computer Name = BRANDON-6J16ADV | Source = swg | ID = 1
Description =
Error - 4/13/2012 5:14:29 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application googletoolbarnotifier.exe, version 4.1.509.1944,
faulting module , version 0.0.0.0, fault address 0x00000000.
Error - 4/13/2012 5:14:35 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application wscntfy.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00792362.
Error - 4/13/2012 7:26:09 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application devices.exe, version 5.4.0.750, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00011719.
Error - 4/14/2012 2:17:39 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x000823da.
Error - 4/15/2012 7:44:03 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x000823da.
Error - 4/17/2012 5:50:09 PM | Computer Name = BRANDON-6J16ADV | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00082381.
[ System Events ]
Error - 4/14/2012 3:39:05 PM | Computer Name = BRANDON-6J16ADV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Error - 4/15/2012 3:12:52 PM | Computer Name = BRANDON-6J16ADV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Error - 4/15/2012 7:44:26 PM | Computer Name = BRANDON-6J16ADV | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%3
Error - 4/15/2012 7:44:26 PM | Computer Name = BRANDON-6J16ADV | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.
Error - 4/15/2012 7:44:26 PM | Computer Name = BRANDON-6J16ADV | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053
Error - 4/17/2012 5:50:22 PM | Computer Name = BRANDON-6J16ADV | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%3
Error - 4/17/2012 5:50:22 PM | Computer Name = BRANDON-6J16ADV | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.
Error - 4/17/2012 5:50:23 PM | Computer Name = BRANDON-6J16ADV | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053
Error - 4/17/2012 5:50:25 PM | Computer Name = BRANDON-6J16ADV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Error - 4/18/2012 6:10:20 PM | Computer Name = BRANDON-6J16ADV | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service gusvc with arguments
"" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 16:04:37
-----------------------------
16:04:37.703 OS Version: Windows 5.1.2600 Service Pack 2
16:04:37.703 Number of processors: 1 586 0x207
16:04:37.718 ComputerName: BRANDON-6J16ADV UserName: Brandon Zoladz
16:04:39.343 Initialize success
16:05:09.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:05:09.406 Disk 0 Vendor: WDC_WD600BB-75CAA0 16.06V16 Size: 57220MB BusType: 3
16:05:09.421 Disk 0 MBR read successfully
16:05:09.421 Disk 0 MBR scan
16:05:09.421 Disk 0 Windows XP default MBR code
16:05:09.421 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
16:05:09.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57184 MB offset 64260
16:05:09.421 Disk 0 scanning sectors +117178110
16:05:09.546 Disk 0 scanning C:\WINDOWS\system32\drivers
16:05:16.187 Service scanning
16:05:29.953 Modules scanning
16:05:43.734 Disk 0 trace - called modules:
16:05:43.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
16:05:43.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8238eab8]
16:05:43.812 3 CLASSPNP.SYS[f9ab305b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823d0b58]
16:05:44.062 Scan finished successfully
16:06:38.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brandon Zoladz\Desktop\MBR.dat"
16:06:38.562 The log file has been saved successfully to "C:\Documents and Settings\Brandon Zoladz\Desktop\aswMBR.txt"
#6
Posted 21 April 2012 - 11:16 AM
Some of your files are reported as being forged, so I will need to check them out.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found
IE - HKU\S-1-5-21-515967899-1614895754-725345543-1004\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - SOFTWARE\Classes\CLSID\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\InprocServer32 File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
O36 - AppCertDlls: fingltmc - (C:\WINDOWS\narrcmgr.dll) - C:\WINDOWS\narrcmgr.dll ()
[2012/04/02 16:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\tombradypatsqb
[2012/04/02 16:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\tombradypatsqb
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\h\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Brandon Zoladz\Local Settings\Temp\RarSFX1\winlogon.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- Allow the installation of the recovery console


- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
#7
Posted 21 April 2012 - 04:37 PM
OTL logfile created on: 4/21/2012 2:04:09 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Brandon Zoladz\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
255.01 Mb Total Physical Memory | 40.85 Mb Available Physical Memory | 16.02% Memory free
617.64 Mb Paging File | 341.04 Mb Available in Paging File | 55.22% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 44.57 Gb Free Space | 79.81% Space Free | Partition Type: NTFS
Computer Name: BRANDON-6J16ADV | User Name: Brandon Zoladz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/21 13:35:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon Zoladz\My Documents\Downloads\OTL(1).exe
PRC - [2012/03/25 17:08:11 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/01/11 14:59:48 | 009,068,960 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\devices.exe
PRC - [2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/25 17:08:09 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/13 22:08:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/04 10:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2010/08/04 17:41:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...susaimc00000001
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Brandon Zoladz\Application Data\Move Networks\plugins\npqmp071701000002.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Brandon Zoladz\Application Data\Move Networks\plugins\npqmp071701000002.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Brandon Zoladz\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01023 [2012/04/04 13:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 17:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 18:41:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Brandon Zoladz\Application Data\Move Networks [2010/03/01 21:45:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\01023 [2012/04/04 13:52:24 | 000,000,000 | ---D | M]
[2010/02/11 19:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Extensions
[2012/03/08 20:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions
[2010/08/07 00:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/08/09 18:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/07 00:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon Zoladz\Application Data\Mozilla\Firefox\Profiles\7qq1v23u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2011/06/20 18:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/20 18:41:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/25 17:08:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/06/20 18:40:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/25 17:08:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/25 17:08:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/04/21 13:55:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {F99BD4F5-D402-4c21-A8BC-510830B6BE37} - C:\WINDOWS\system32\AcroIEHelpe095.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52747E32-40E9-45DB-8DDF-E3BA3D74C225}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc19194a-e7b8-11df-8eff-00c0a88c14ba}\Shell - "" = AutoRun
O33 - MountPoints2\{fc19194a-e7b8-11df-8eff-00c0a88c14ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc19194a-e7b8-11df-8eff-00c0a88c14ba}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/04/21 13:38:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/18 19:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\RK_Quarantine
[2012/04/13 21:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\A2PESTTG
[2012/04/04 13:52:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01023
[2012/04/02 10:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01022
[2012/03/31 01:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/30 13:53:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01021
[2012/03/28 15:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01020
[2012/03/27 13:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\xp_exe_fix(1)
[2012/03/27 13:01:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/27 13:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Application Data\Malwarebytes
[2012/03/27 11:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\RegSeeker
[2012/03/26 13:24:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\01019
[2012/03/25 16:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\admintools
[2012/03/25 16:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon Zoladz\Desktop\accrestore(2)
[2012/03/25 15:54:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/25 15:52:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012/03/25 15:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
========== Files - Modified Within 30 Days ==========
[2012/04/21 14:00:42 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 14:00:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 13:58:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1614895754-725345543-1004UA.job
[2012/04/21 13:55:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/21 13:55:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\tlyu90un.default.dat
[2012/04/21 07:57:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1614895754-725345543-1004Core.job
[2012/04/20 18:03:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100728180332.job
[2012/04/19 16:06:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brandon Zoladz\Desktop\MBR.dat
[2012/04/17 17:49:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/13 22:08:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/09 19:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 19:52:18 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012/04/03 11:21:59 | 000,226,808 | ---- | M] () -- C:\WINDOWS\System32\AcroIEHelpe095.dll
[2012/04/02 13:18:15 | 000,553,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/02 13:18:15 | 000,095,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/28 18:46:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/25 16:13:59 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Brandon Zoladz\Desktop\Windows XP Tips - Ramesh.url
========== Files Created - No Company Name ==========
[2012/04/19 16:06:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Brandon Zoladz\Desktop\MBR.dat
[2012/04/05 22:11:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\tlyu90un.default.dat
[2012/04/03 11:21:59 | 000,226,808 | ---- | C] () -- C:\WINDOWS\System32\AcroIEHelpe095.dll
[2012/03/28 18:46:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/26 13:24:29 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012/03/25 16:13:59 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Brandon Zoladz\Desktop\Windows XP Tips - Ramesh.url
[2012/03/23 08:40:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/19 16:21:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Brandon Zoladz\Application Data\$_hpcst$.hpc
[2012/03/10 14:11:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/11/04 22:12:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
========== LOP Check ==========
[2010/02/10 21:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/10 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/07/21 16:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/02/14 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/03/15 20:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/16 18:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/03/08 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Zoladz\Application Data\acccore
[2012/03/10 14:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon Zoladz\Application Data\TestApp
[2010/05/31 10:49:48 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1267307140.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
I did the combofix and after the initial like the one pictured a blue box came up saying scanning for malware should take about 10 minutes. I waited about 4 hours and it just seemed as if it was frozen.
#8
Posted 22 April 2012 - 03:39 AM
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named)
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post
#9
Posted 22 April 2012 - 02:27 PM
Attached File(s):
- threats.txt (5.42K), 6 downloads
- systeminfo.txt (52.17K), 6 downloads
#10
Posted 22 April 2012 - 02:35 PM
All the virus scan found was stuff that we had already quarantined. I have come across some systems where combofix fails to run for unknown reasons, but it is a very small percentage.
How is the computer behaving at the moment?
For the empty files/folders you could try this
Restore Accessories Program Files Menu
Please download this tool here.
You will need to unzip the tool first.
Once you've unzipped the tool, please double-click on it to run it.
Ensure that the following check boxes are checked (as seen in this image below):

Once they are, click on the Restore button.
Restore Admin Tools Program Files Menu
Please download this tool here.
You will need to unzip the tool first.
Once you've unzipped the tool, please double-click on it to run it.
Click on the Restore Administrative Tools Items button.
As seen in this image below:

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the repair.vbs file to your desktop
Run the repair.vbs
It will ask for a folder name; call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

#11
Posted 23 April 2012 - 03:19 PM
#12
Posted 23 April 2012 - 03:23 PM
#14
Posted 24 April 2012 - 01:05 PM
- Re-run AVPTool
- Select the Manual Disinfection tab and press Script execution

- Where it states Insert text script in the following box, copy the below script and press Run script
Copy from Begin until End

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelCLSID('{89820200-ECBD-11cf-8B85-00AA005B4340}');
DelCLSID('{2C7339CF-2B09-4501-B3F3-F3508C9228ED}');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
- Your system will reboot on completion, if it does not please do so yourself
- On completion please run another analysis scan and attach the zip file
#15
Posted 24 April 2012 - 04:23 PM