Solved Can not get rid of System Tools Virus!

Discussion in 'Malware and Virus Removal Archive' started by wksda623, 2010/12/26.

  1. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    OTL Extras logfile created on: 1/1/2011 6:57:11 PM - Run 1
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Weelsl623\My Documents
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 66.82 Gb Free Space | 44.83% Space Free | Partition Type: NTFS
    Drive E: | 74.52 Gb Total Space | 19.70 Gb Free Space | 26.44% Space Free | Partition Type: NTFS
    Drive G: | 1.87 Gb Total Space | 1.72 Gb Free Space | 91.79% Space Free | Partition Type: FAT
    Drive Y: | 915.91 Gb Total Space | 822.86 Gb Free Space | 89.84% Space Free | Partition Type: NTFS

    Computer Name: WEEKSL623 | User Name: Weelsl623 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\G-Lock Software\G-Lock SpamCombat\gsc.exe" = C:\Program Files\G-Lock Software\G-Lock SpamCombat\gsc.exe:*:Enabled:G-Lock SpamCombat -- (G-Lock Software)
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\InboxDollars\TroubleShooter.exe" = C:\Program Files\InboxDollars\TroubleShooter.exe:*:Enabled:InboxDollars (Helper) -- (FreeCause Inc.)
    "C:\Program Files\InboxDollars\ToolbarUpdate.exe" = C:\Program Files\InboxDollars\ToolbarUpdate.exe:*:Enabled:InboxDollars (Update) -- (FreeCause Inc.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
    "{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
    "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
    "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (UPWARDSQL)
    "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
    "{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55638DD9-D5A9-11D3-B74B-204C4F4F5020}" = AMD's Cool'n'Quiet (tm) Technology Version 1.0.1
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{5A39D5C2-A28B-421D-925A-0390FD1E5529}_is1" = Hot CPU Tester Pro 4.4.1
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
    "{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
    "{7107A761-B2F7-4BB0-84DA-CD90B562A72D}" = Director
    "{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
    "{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
    "{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
    "{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}" = HP Deskjet 6800
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A10A14F5-DF18-4151-9EB0-B79ABBFE6863}" = WebReg
    "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
    "{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
    "{B6D4C963-742C-46BF-BC7A-16ADD39FF3B7}" = Destinations
    "{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
    "{B99998A3-4E52-40C5-A173-BBAD34B64BEA}" = SWLive
    "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
    "{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
    "{CAFECAFE-0013-0001-0126-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.26
    "{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}" = U232 P9/P25 V2.98
    "{E4E929CE-EF1D-407C-A14B-E1DDEDA8FA0E}" = Canon Camera TWAIN Driver
    "{E889F95A-B9E3-4580-B3D7-43DBC9C9CD43}" = TrayApp
    "{EC16B64A-38A7-4D7D-BA2E-671ED441304F}" = ULi PCI to AGP Controller Driver
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "AXIS Media Control Embedded" = AXIS Media Control Embedded
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "DeskJet 6800 Installer" = HP Deskjet 6800
    "FileZilla Client" = FileZilla Client 3.0.7.1
    "G-Lock SpamCombat_is1" = G-Lock SpamCombat
    "Google Chrome" = Google Chrome
    "HD Tune_is1" = HD Tune 2.55
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InboxDollars" = InboxDollars
    "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
    "InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
    "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
    "InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{E4E929CE-EF1D-407C-A14B-E1DDEDA8FA0E}" = Canon Camera TWAIN Driver 6.6
    "jv16 PowerTools 2010" = jv16 PowerTools 2010
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MonitorTest_is1" = MonitorTest V3.0
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSC" = McAfee Internet Security
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "Product_Name" = PersonalWebKit
    "QuickTime" = QuickTime
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Security Task Manager" = Security Task Manager 1.7e
    "The Ultimate Troubleshooter" = The Ultimate Troubleshooter
    "ULi M5289 SATA Controller Driver" = ULi M5289 SATA Controller Driver
    "Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
    "Windows 2000 Service Pack" = Windows 2000 Service Pack 4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "XXClone" = XXClone ver 0.58.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent DNA" = DNA
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/31/2010 7:19:32 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 12/31/2010 8:07:31 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 12/31/2010 9:02:45 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 12/31/2010 9:48:22 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 1/1/2011 10:11:20 AM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 1/1/2011 6:52:39 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 1/1/2011 7:05:56 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 1/1/2011 7:14:51 PM | Computer Name = WEEKSL623 | Source = MSSQL$UPWARDSQL | ID = 17113
    Description = Error 2(The system cannot find the file specified.) occurred while
    opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'
    to obtain configuration information at startup. An invalid startup option might
    have caused the error. Verify your startup options, and correct or remove them
    if necessary.

    Error - 1/1/2011 7:21:10 PM | Computer Name = WEEKSL623 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/1/2011 7:21:14 PM | Computer Name = WEEKSL623 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 1/1/2011 10:11:25 AM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BANTExt SASDIFSV SASKUTIL

    Error - 1/1/2011 6:52:39 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (UPWARDSQL) service terminated with service-specific
    error 17113 (0x42D9).

    Error - 1/1/2011 6:52:39 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 1/1/2011 6:52:42 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BANTExt SASDIFSV SASKUTIL

    Error - 1/1/2011 7:05:57 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (UPWARDSQL) service terminated with service-specific
    error 17113 (0x42D9).

    Error - 1/1/2011 7:05:57 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 1/1/2011 7:06:00 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BANTExt SASDIFSV SASKUTIL

    Error - 1/1/2011 7:14:52 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7024
    Description = The SQL Server (UPWARDSQL) service terminated with service-specific
    error 17113 (0x42D9).

    Error - 1/1/2011 7:14:52 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 1/1/2011 7:14:55 PM | Computer Name = WEEKSL623 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BANTExt SASDIFSV SASKUTIL


    < End of report >
     
  2. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
      DRV - File not found [Kernel | System | Stopped] -- C:\WINNT\System32\vsdatant.sys -- (vsdatant)
      DRV - File not found [Kernel | Boot | Stopped] -- C:\WINNT\System32\ZoneLabs\srescan.sys -- (srescan)
      IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
      IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      FF - prefs.js..browser.search.defaultengine:  "Ask.com "
      FF - prefs.js..browser.search.order.1:  "Ask.com "
      [2010/07/24 13:23:34 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\searchplugins\askcom.xml
      O2 - BHO: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: msn.com ([www] https in Trusted sites)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
      O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace.com/mypoints.ma...ointsSetup.exe (Reg Error: Key error.)
      O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.26)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
      O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
      [2011/01/01 19:01:01 | 000,000,242 | ---- | M] () -- C:\WINNT\tasks\Scheduled Update for Ask Toolbar.job
      [2007/03/25 19:36:02 | 000,000,208 | RHS- | C] () -- C:\WINNT\System32\sysbkchx.sys
      [2010/05/31 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
      [2010/06/01 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Weelsl623\My Documents\Microsoft Word - RandAEmbroidery flyer with tabs word.pdfz:SummaryInformation
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6724CB45
      @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:425D0709
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      C:\Program Files\Ask.com
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
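
Added example, not part of either post and not OTL's own code: a Python reader for the `[key]` / `"name" = value` layout of the OTL Extras log in the first post. It lists the Security Center `DisableMonitoring` flags (the values the `:Reg` section of the fix deletes for McAfee) and the enabled firewall `GloballyOpenPorts` entries. The function names are hypothetical, the sample is a short excerpt constructed from the posted log, and the `port:protocol:scope:mode:name` field order is assumed from the entries shown there.

```python
import re

# Constructed sample: a short excerpt of the OTL Extras log posted above,
# with the firewall name field in its registry form (@xpsp2res.dll,...).
SAMPLE_LOG = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
MONITORING_PREFIX = (
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring' + '\\'
)


def parse_registry_sections(log_text):
    """Return {registry_key: {value_name: value_text}}.

    Keys that are listed without values map to an empty dict.
    """
    keys = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = keys.setdefault(key_match.group(1), {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            current[value_match.group(1)] = value_match.group(2).strip()
        elif line.startswith('====='):
            # Section banner: stop attaching values to the previous key.
            current = None
    return keys


def monitoring_disabled(keys):
    """Product subkeys under Monitoring that carry DisableMonitoring = 1."""
    return sorted(
        key[len(MONITORING_PREFIX):]
        for key, values in keys.items()
        if key.startswith(MONITORING_PREFIX)
        and values.get('DisableMonitoring') == '1'
    )


def open_ports(keys):
    """Enabled GloballyOpenPorts entries as (profile, port, protocol, scope)."""
    found = []
    for key, values in keys.items():
        parts = key.split('\\')
        if parts[-2:] != ['GloballyOpenPorts', 'List']:
            continue
        profile = parts[-3]
        for data in values.values():
            # Assumed value layout: port:protocol:scope:mode:name
            fields = data.split(':', 4)
            if len(fields) < 4 or not fields[0].isdigit():
                continue  # malformed entry, skip it
            port, proto, scope, mode = fields[:4]
            if mode.lower() == 'enabled':
                found.append((profile, int(port), proto, scope))
    return sorted(found)


def exposed_to_any_address(keys):
    """Enabled port entries whose scope is '*' rather than LocalSubNet."""
    return [entry for entry in open_ports(keys) if entry[3] == '*']


if __name__ == '__main__':
    parsed = parse_registry_sections(SAMPLE_LOG)
    print('DisableMonitoring set for:', monitoring_disabled(parsed))
    for entry in exposed_to_any_address(parsed):
        print('Enabled with scope *:', entry)
```
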
     

  4. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Service vsmon stopped successfully!
    Service vsmon deleted successfully!
    File C:\WINNT\System32\ZoneLabs\vsmon.exe not found.
    Service vsdatant stopped successfully!
    Service vsdatant deleted successfully!
    File C:\WINNT\System32\vsdatant.sys not found.
    Service srescan stopped successfully!
    Service srescan deleted successfully!
    File C:\WINNT\System32\ZoneLabs\srescan.sys not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\www\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\www\ deleted successfully.
    Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
    C:\WINNT\Downloaded Program Files\swflash.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Starting removal of ActiveX control {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6}\ not found.
    Starting removal of ActiveX control {CAFECAFE-0013-0001-0026-ABCDEFABCDEF}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0026-ABCDEFABCDEF}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0026-ABCDEFABCDEF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0026-ABCDEFABCDEF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0026-ABCDEFABCDEF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0026-ABCDEFABCDEF}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java Reg Error: Value error.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}\ not found.
    File {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
    C:\WINNT\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
    C:\WINNT\system32\sysbkchx.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\SITEguard folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
    ADS C:\Documents and Settings\Weelsl623\My Documents\Microsoft Word - RandAEmbroidery flyer with tabs word.pdfz:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:6724CB45 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:425D0709 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 4480 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Weelsl623
    ->Temp folder emptied: 9605579 bytes
    ->Temporary Internet Files folder emptied: 37217093 bytes
    ->Java cache emptied: 3879 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2983 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4523 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 45.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LocalService.NT AUTHORITY
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: Weelsl623
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.0 log created on 01012011_195158

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  5. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    McAfee Internet Security
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player 9.0.124.0
    Adobe Reader 8.1.3
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MsMpEng.exe
    ``````````End of Log````````````
     
  6. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Update Firefox to the current 3.6.13 version.

    ================================================================

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page, make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  7. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    I cannot get ESEL online scan to work. All I hear is a blimp from IE, but I cannot change anything.
     
  8. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  9. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    Every time I go to the Bit Defender online website, my IE locks up. I have had to restart twice so far... now that is strange.
     
  10. 2011/01/01
    wksda623

    wksda623 Inactive Thread Starter

    I got Bit Defender Online scan to work on Firefox. It did a quick scan. Here is the log....



    QuickScan Beta 32-bit v0.9.9.52
    -------------------------------
    Scan date: Sat Jan 01 21:28:36 2011
    Machine ID: 942E47D9



    No infection found.
    -------------------



    Processes
    ---------
    AMD PowerNow! 800 C:\Program Files\AMD\PowerNow!\GemServ.exe
    AMD PowerNow! CPU Performance Monitor a 848 C:\Program Files\AMD\PowerNow!\gemback.exe
    Firefox 1540 C:\Program Files\Mozilla Firefox\firefox.exe
    McAfee Integrated Security Platform 876 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    McAfee SecurityCenter 3212 C:\Program Files\McAfee.com\Agent\mcagent.exe
    McAfee SecurityCenter 2620 C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    McAfee UI Container 1420 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    Microsoft Outlook 3724 C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    Microsoft Search Client Server 2084 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    Microsoft Search Enhancement Pack 1380 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    Microsoft SQL Server 1588 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    Microsoft SQL Server 1752 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    Microsoft® Windows Live ID 1932 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    Microsoft® Windows Live ID 2396 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    Microsoft® Windows® Operating System 1580 C:\WINNT\explorer.exe
    Microsoft® Windows® Operating System 3108 C:\WINNT\system32\alg.exe
    Microsoft® Windows® Operating System 1232 C:\WINNT\system32\csrss.exe
    Microsoft® Windows® Operating System 3896 C:\WINNT\system32\ctfmon.exe
    Microsoft® Windows® Operating System 584 C:\WINNT\system32\drwtsn32.exe
    Microsoft® Windows® Operating System 2516 C:\WINNT\system32\drwtsn32.exe
    Microsoft® Windows® Operating System 1312 C:\WINNT\system32\lsass.exe
    Microsoft® Windows® Operating System 1300 C:\WINNT\system32\services.exe
    Microsoft® Windows® Operating System 1064 C:\WINNT\system32\smss.exe
    Microsoft® Windows® Operating System 400 C:\WINNT\system32\spoolsv.exe
    Microsoft® Windows® Operating System 1532 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 1840 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 1480 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 768 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 728 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 1676 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 1708 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 1716 C:\WINNT\system32\svchost.exe
    Microsoft® Windows® Operating System 3156 C:\WINNT\system32\wbem\wmiprvse.exe
    Microsoft® Windows® Operating System 1256 C:\WINNT\system32\winlogon.exe
    QuickTime 3632 C:\Program Files\QuickTime\qttask.exe
    SYSCORE 2472 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    SYSCORE 1164 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    VSCORE 2208 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    WeatherBug Desktop 3868 C:\Program Files\AWS\WeatherBug\Weather.exe
    Windows Defender 1628 C:\Program Files\Windows Defender\MsMpEng.exe


    Network activity
    ----------------
    Process firefox.exe (1540) connected on port 80 (HTTP) --> 96.7.40.10
    Process firefox.exe (1540) connected on port 80 (HTTP) --> 96.7.40.24
    Process firefox.exe (1540) connected on port 443 (HTTP over SSL) --> 65.55.21.250
    Process firefox.exe (1540) connected on port 80 (HTTP) --> 72.14.204.100
    Process firefox.exe (1540) connected on port 443 (HTTP over SSL) --> 65.55.57.251
    Process firefox.exe (1540) connected on port 443 (HTTP over SSL) --> 72.14.204.95
    Process firefox.exe (1540) connected on port 80 (HTTP) --> 66.220.149.32
    Process firefox.exe (1540) connected on port 80 (HTTP) --> 96.7.40.25

    Process McSvHost.exe (876) listens on ports: 6646
    Process svchost.exe (1532) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
    Microsoft Genuine Advantage C:\WINNT\system32\WgaLogon.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\browseui.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\crypt32.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\cryptnet.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\cscdll.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\ctfmon.exe
    Microsoft® Windows® Operating System C:\WINNT\system32\dimsntfy.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\logonui.exe
    Microsoft® Windows® Operating System C:\WINNT\system32\sclgntfy.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\shell32.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\stobject.dll
    Microsoft® Windows® Operating System c:\winnt\system32\userinit.exe
    Microsoft® Windows® Operating System C:\WINNT\system32\wlnotify.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\WPDShServiceObj.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\wzcdlg.dll
    MSN® Toolbar C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    QuickTime C:\Program Files\QuickTime\qttask.exe
    WeatherBug Desktop C:\Program Files\AWS\WeatherBug\Weather.exe
    Windows Defender C:\Program Files\Windows Defender\MpCmdRun.exe
    Windows Defender c:\program files\windows defender\mpshhook.dll
    Windows® Internet Explorer C:\WINNT\system32\webcheck.dll


    Browser plugins
    ---------------
    ATLCamImage Module C:\WINNT\Downloaded Program Files\AxisCamControl.ocx
    bdoscandel.exe C:\WINNT\bdoscandel.exe
    bdscanonline C:\WINNT\Downloaded Program Files\oscan8.ocx
    bdupd.dll C:\WINNT\Downloaded Program Files\bdupd.dll
    BitDefender QuickScan C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    BitDefender QuickScan C:\Documents and Settings\Weelsl623\Application Data\Mozilla\Firefox\Profiles\3wgg1tfc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
    Compete DCA c:\program files\common files\freecause\dca\dca-bho.dll
    cpcScan C:\WINNT\Downloaded Program Files\cpcScan.dll
    DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
    F-Secure Corporation daas C:\WINNT\Downloaded Program Files\daas_s.dll
    F-Secure Online Scanner C:\WINNT\Downloaded Program Files\fscax.dll
    Foxit Reader Plugin for Mozilla C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FreeCause Toolbar c:\program files\inboxdollars\toolbar.dll
    FS bwcli C:\WINNT\Downloaded Program Files\fsauc.dll
    Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    Google Update C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    ipsupd.dll C:\WINNT\Downloaded Program Files\ipsupd.dll
    Java Deployment Toolkit 6.0.230.5 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Messenger C:\Program Files\Messenger\msmsgs.exe
    Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
    Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    Microsoft® Windows® Operating System C:\WINNT\Network Diagnostic\xpnetdiag.exe
    Microsoft® Windows® Operating System C:\WINNT\system32\mswsock.dll
    Microsoft® Windows® Operating System C:\WINNT\System32\nwprovau.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\rsvpsp.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\winrnr.dll
    Microsoft® Windows® Operating System C:\WINNT\system32\wshbth.dll
    Move Streaming Media Player C:\Documents and Settings\Weelsl623\Application Data\Move Networks\plugins\npqmp071701000002.dll
    Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    mskapbho.dll c:\program files\mcafee\msk\mskapbho.dll
    MSN® Games by Zone.com C:\WINNT\Downloaded Program Files\CONFLICT.1\ZIntro.ocx
    MSN® Games by Zone.com C:\WINNT\Downloaded Program Files\ZIntro.ocx
    MSN® Toolbar C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    NPSWF32.dll C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
    Oracle JInitiator C:\Program Files\Mozilla Firefox\plugins\NPJinit13126.dll
    Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
    Picture Manager, Wells and Layout C:\WINNT\Downloaded Program Files\EPUWALcontrol.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    Shockwave for Director C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
    VSCORE C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105114550.dll


    Missing files
    -------------
    File not found: C:\WINDOWS\system32\wuauserv.dll
    --> HKLM\System\ControlSet001\services\wuauserv\Parameters\ "ServiceDll "

    File not found: C:\WINNT\System32\hidserv.dll
    --> HKLM\System\ControlSet001\services\HidServ\Parameters\ "ServiceDll "


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 6 sec
    Total traffic - 0.06 MB sent, 636.62 KB recvd
    Scanned 1187 files and modules - 75 seconds

    ==============================================================================
     
  11. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  12. 2011/01/02
    wksda623

    wksda623 Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 2762 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Weelsl623
    ->Temp folder emptied: 3205269 bytes
    ->Temporary Internet Files folder emptied: 6248240 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3777181 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 767 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2981 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 9959 bytes

    Total Files Cleaned = 13.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LocalService.NT AUTHORITY
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: Weelsl623
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.0 log created on 01022011_141053

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Weelsl623\Local Settings\Temp\~DF4BBC.tmp not found!
    File\Folder C:\Documents and Settings\Weelsl623\Local Settings\Temp\~DF4BD1.tmp not found!
    File\Folder C:\Documents and Settings\Weelsl623\Local Settings\Temp\~DF4C4A.tmp not found!
    File\Folder C:\Documents and Settings\Weelsl623\Local Settings\Temp\~DF4C8F.tmp not found!
    File\Folder C:\Documents and Settings\Weelsl623\Local Settings\Temp\~DF4CF0.tmp not found!
    File\Folder C:\Documents and Settings\Weelsl623\Local Settings\Temp\~DF4D05.tmp not found!
    C:\Documents and Settings\Weelsl623\Local Settings\Temporary Internet Files\Content.IE5\UB9YRCLF\iframescript[1].htm moved successfully.
    C:\Documents and Settings\Weelsl623\Local Settings\Temporary Internet Files\Content.IE5\7I7KQFKL\96979-active-can-not-get-rid-system-tools-virus-5[1].html moved successfully.
    C:\Documents and Settings\Weelsl623\Local Settings\Temporary Internet Files\Content.IE5\7I7KQFKL\toolbar[1].txt moved successfully.
    C:\Documents and Settings\Weelsl623\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  13. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Whenever ready....
     
  14. 2011/01/02
    wksda623

    wksda623 Inactive Thread Starter

    Right now, a lot better!!!! THANK YOU!!!!!!!
     
  15. 2011/01/02
    broni

    broni Moderator Malware Analyst

    You're very welcome :)

    Good luck and stay safe :)
     
