WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Banker fox - garbade11

2 posters

descriptionBanker fox - garbade11 EmptyBanker fox - garbade118th February 2010, 12:53 pm

more_horiz
I noticed the classic pop up (you are being Attacked...), which suprised me because I've been using avira and keeping it up to date. When I tried to run a scan though the avira icon was gone. I downloaded Avast and ran a scan which seemed to clear everything up. as of last night though the whole system seems to be shutting down. Can't get out to the internet, won't recognize any external drives, and even the colors for my theme are changing. (bottom windows bar is now white. Should I just give up and reformat?
Garbade11

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade118th February 2010, 8:11 pm

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Banker fox - garbade11 DXwU4
Banker fox - garbade11 VvYDg

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1113th February 2010, 6:00 am

more_horiz
Hope this is what you are looking for;

OTL logfile created on: 2/12/2010 10:21:09 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 823.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.84 Gb Free Space | 74.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 488.60 Mb Total Space | 487.96 Mb Free Space | 99.87% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADS--COMPUTER
Current User Name: malware bot
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/12 01:40:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008/04/13 19:12:21 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/23 01:46:52 | 000,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/02/12 01:40:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/06/29 11:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/05/09 19:03:32 | 000,052,736 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/05/09 19:03:30 | 000,043,520 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/08/04 02:02:58 | 000,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/23 01:52:30 | 000,225,353 | ---- | M] (Intel®️ Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2005/07/23 01:43:46 | 000,372,809 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2005/07/23 01:40:54 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2005/07/23 01:40:16 | 000,139,264 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2005/04/04 03:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/28 16:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 16:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 16:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 16:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 16:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 16:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/17 15:26:16 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/03/07 16:08:35 | 000,017,801 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/12/27 03:38:42 | 000,092,800 | ---- | M] (HTC Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp) HTC Diagnostic Port (PID 0B03)
DRV - [2006/12/27 03:38:42 | 000,092,800 | ---- | M] (HTC Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcmdmxp.sys -- (qcmdmxp) HTC Proprietary USB Driver (PID 0B03)
DRV - [2006/10/13 16:01:46 | 000,030,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2005/10/20 22:58:58 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/20 22:58:52 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/10/20 22:52:48 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/04 02:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/23 02:02:44 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/07/20 00:14:02 | 003,289,088 | ---- | M] (Intel®️ Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/03/21 20:48:30 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2005/03/10 19:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/11/16 13:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/12 11:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/17 18:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 18:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/03/24 13:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/17 15:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236529724828 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (JavaBeansBridge Object)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/06 14:05:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 00:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\malware bot\Application Data\HP
[2010/02/09 00:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\malware bot\Application Data\Identities
[2010/02/09 00:20:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\malware bot\My Documents\My Music
[2010/02/09 00:20:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\malware bot\My Documents\My Pictures
[2010/02/08 23:08:54 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/02/08 23:08:54 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/02/08 23:08:54 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/02/08 23:08:41 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/08 23:08:29 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/02/08 23:08:29 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/02/08 23:08:13 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/08 23:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/08 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/02/08 23:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/02/08 22:58:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\malware bot\IETldCache
[2010/02/08 22:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\malware bot\Application Data\Intel
[2010/02/08 22:57:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\malware bot\Application Data\Microsoft
[2010/02/08 22:57:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\malware bot\Application Data
[2010/02/08 22:57:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\malware bot\Favorites
[2010/02/08 22:57:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\malware bot\Cookies
[2010/02/08 22:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\malware bot\Local Settings\Application Data\Microsoft
[2010/02/08 22:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\malware bot\Desktop
[2010/02/08 22:57:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\malware bot\SendTo
[2010/02/08 22:57:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\malware bot\Recent
[2010/02/08 22:57:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\malware bot\Start Menu
[2010/02/08 22:57:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\malware bot\My Documents
[2010/02/08 22:57:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\malware bot\Templates
[2010/02/08 22:57:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\malware bot\PrintHood
[2010/02/08 22:57:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\malware bot\NetHood
[2010/02/08 22:57:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\malware bot\Local Settings
[2010/02/08 22:46:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/07 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/02/07 21:18:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/07 21:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/02/07 20:40:17 | 000,069,632 | ---- | C] (Venturi Wireless) -- C:\WINDOWS\System32\vlsp(2).dll
[2010/02/07 20:07:04 | 000,092,800 | ---- | C] (HTC Corp.) -- C:\WINDOWS\System32\drivers\qcserxp.sys
[2010/02/07 20:07:04 | 000,092,800 | ---- | C] (HTC Corp.) -- C:\WINDOWS\System32\drivers\qcmdmxp.sys
[2010/02/07 18:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/07 18:25:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/02/07 18:22:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/07 18:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/02/07 11:55:10 | 002,078,952 | ---- | C] (Rocket Division Software) -- C:\WINDOWS\System32\starburnx.dll
[2010/02/07 11:55:10 | 000,376,832 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomsplitter.dll
[2010/02/07 11:55:10 | 000,081,920 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomwave.dll
[2010/02/07 11:55:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\rmdll
[2010/02/07 11:55:09 | 001,470,464 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscommpgenc.dll
[2010/02/07 11:55:09 | 000,339,968 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtde.dll
[2010/02/07 11:55:09 | 000,143,360 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomqtenc.dll
[2010/02/07 11:55:09 | 000,135,168 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomrmencoder.dll
[2010/02/07 11:55:08 | 000,888,832 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomflvdec.dll
[2010/02/07 11:55:08 | 000,266,240 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\VideoEdit.ocx
[2010/02/07 11:55:08 | 000,110,592 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomaudioencoder.dll
[2010/02/07 11:55:08 | 000,098,304 | ---- | C] (Viscom Software) -- C:\WINDOWS\System32\viscomaudiodata.dll
[2010/02/07 11:55:08 | 000,086,016 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINDOWS\System32\viscomframe.dll
[2010/02/07 11:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
[2010/02/07 10:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/02/07 10:49:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010/02/07 10:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/07 10:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/03 18:34:03 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/03 18:34:03 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/03 18:34:01 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/03 18:34:00 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/03 18:33:57 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/03 18:33:57 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/03 18:33:57 | 000,028,240 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/03 18:33:51 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/03 18:33:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/03 18:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/03 18:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/02 16:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\AdvancedDVDPlayer
[2010/02/02 16:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\SuperDVD Player 5.0
[2010/02/02 15:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/02/02 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2010/02/02 00:12:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll
[2010/01/18 21:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/01/18 21:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/01/18 21:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/18 21:28:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/01/17 11:16:38 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/15 12:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/09/25 02:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/19 19:58:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/11 09:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/06 14:05:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/12 22:20:57 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\malware bot\NTUSER.DAT
[2010/02/12 22:20:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 22:20:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 00:21:19 | 000,000,649 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/09 00:21:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/09 00:21:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/08 23:08:23 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/08 23:05:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\malware bot\ntuser.ini
[2010/02/08 23:05:18 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\malware bot\Local Settings\Application Data\IconCache.db
[2010/02/07 22:09:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 22:01:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/07 21:25:44 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CDAC3DE-255D-4B72-9F1A-2D5C3FDE4C4D}.job
[2010/02/07 21:01:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/07 20:08:04 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/02/07 18:26:21 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/07 11:55:06 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2010/02/07 10:51:41 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/02/07 10:31:32 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/02/03 18:34:04 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/03 18:33:58 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/03 17:45:00 | 000,002,110 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Signature Colors Virtual Painter.lnk
[2010/02/02 15:10:00 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/01/28 17:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/01/28 17:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/01/28 16:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/01/28 16:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/01/28 16:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/01/28 16:54:16 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/01/28 16:54:12 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/01/28 16:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/01/28 16:53:50 | 000,028,240 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/01/27 13:19:28 | 000,000,018 | ---- | M] () -- C:\WINDOWS\phsrch5.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/09 00:12:01 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/08 23:08:54 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/02/08 23:08:54 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/02/08 23:08:54 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/02/08 23:08:54 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/02/08 23:08:54 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/02/08 23:08:41 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/02/08 23:08:29 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/02/08 23:08:29 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/02/08 23:08:23 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/02/08 23:08:13 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/02/08 22:57:28 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\malware bot\ntuser.ini
[2010/02/08 22:57:26 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\malware bot\NTUSER.DAT
[2010/02/07 18:44:37 | 000,000,448 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CDAC3DE-255D-4B72-9F1A-2D5C3FDE4C4D}.job
[2010/02/07 18:12:41 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/07 11:55:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2010/02/07 11:55:10 | 000,054,612 | ---- | C] () -- C:\WINDOWS\System32\starburnx.tlb
[2010/02/07 11:55:09 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2010/02/07 11:55:08 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/02/07 11:55:08 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/02/07 11:55:08 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2010/02/07 11:55:08 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/02/07 11:55:08 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/02/07 11:55:08 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/02/07 11:55:08 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2010/02/07 11:55:06 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2010/02/07 10:51:41 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2010/02/07 10:31:32 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/02/03 18:34:04 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/02/03 17:45:00 | 000,002,110 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Signature Colors Virtual Painter.lnk
[2010/02/02 15:10:00 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2010/01/18 21:35:38 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/24 19:57:39 | 000,000,018 | ---- | C] () -- C:\WINDOWS\phsrch5.ini
[2009/03/17 14:59:43 | 000,000,179 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/03/17 08:56:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2009/03/07 17:01:43 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/03/07 16:13:40 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/03/07 16:08:50 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2009/03/07 16:02:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2009/03/06 18:08:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/03/06 18:05:03 | 000,003,302 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/03/06 16:49:19 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/31 00:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2004/08/04 07:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004683_.tmp.dll
[2004/08/04 07:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004651_.tmp.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
____________________________________________________________
____________________________________________________________

OTL Extras logfile created on: 2/12/2010 10:21:09 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 823.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.84 Gb Free Space | 74.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 488.60 Mb Total Space | 487.96 Mb Free Space | 99.87% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADS--COMPUTER
Current User Name: malware bot
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe" = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe:*:Enabled:VZAccess Manager -- (Smith Micro Software, Inc.)
"C:\Program Files\Kiplingers Home and Business Attorney\jre\bin\javaw.exe" = C:\Program Files\Kiplingers Home and Business Attorney\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0113910E-8934-4CC7-9FDE-C177B9206CC9}" = DeLorme Phone Data 2008
"{02C91E12-74A4-45E1-9D3F-C3DD7D6FECAE}" = 5700_Help
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E92A5AC-05AB-48c2-9227-9AD504EAF4EA}" = J5700
"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38189804-0D18-4469-8BE6-CC16C4E1B2A5}" = WModem_Installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F7D7F4A-6F41-4FCE-80B3-DB4210FA01EA}" = DeLorme Street Atlas USA 2008 Plus
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{441FEF5E-B332-4D9A-854B-D4CD235E525E}" = Master Maintenance Program
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{536E1504-E2E0-4B25-9D61-5418DE8319A4}" = WinWay Resume Deluxe
"{543B24A5-A285-4FE0-AD7B-2F0E49247AF9}" = Greeting Card Factory Express Workshop
"{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}" = WModem Driver Installer
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AAB8D9DC-27E5-4C1B-A746-3B874B488D77}" = WModem_Installer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}" = MyProfessionalBusinessCards
"{D61F8B6C-F49C-4CDB-84B7-BF99CE0FBB78}" = Valspar Signature Series Virtual Painter
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Catz" = Catz (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Officejet All-In-One Series" = HP Officejet All-In-One Series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Kiplinger's Home and Business Attorney" = Kiplinger's Home and Business Attorney
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"Spyware Doctor" = Spyware Doctor 7.0
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"VLC media player" = VLC media player 0.9.2
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Mobile Device Handbook" = SMT5800VW User Manual
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2009 6:35:11 PM | Computer Name = DADS--COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application VZAccess Manager.exe, version 6.9.2.2184, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2009 5:51:47 PM | Computer Name = DADS--COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.283.0, faulting module
unknown, version 0.0.0.0, fault address 0x00ac1050.

Error - 8/16/2009 2:48:02 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - An I/O operation initiated by
the registry failed unrecoverably. The registry could not read in, or write out,
or flush, one of the files that contain the system's image of the registry. for
C:\Documents and Settings\Phillip M. Garbade\ntuser.dat

Error - 8/16/2009 2:48:18 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - An I/O operation
initiated by the registry failed unrecoverably. The registry could not read in,
or write out, or flush, one of the files that contain the system's image of the
registry.

Error - 8/16/2009 2:48:19 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 8/16/2009 2:48:20 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 8/16/2009 2:51:06 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - An I/O operation initiated by
the registry failed unrecoverably. The registry could not read in, or write out,
or flush, one of the files that contain the system's image of the registry. for
C:\Documents and Settings\Phillip M. Garbade\ntuser.dat

Error - 8/16/2009 2:51:37 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - An I/O operation
initiated by the registry failed unrecoverably. The registry could not read in,
or write out, or flush, one of the files that contain the system's image of the
registry.

Error - 8/16/2009 2:51:37 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 8/16/2009 2:51:39 PM | Computer Name = DADS--COMPUTER | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ System Events ]
Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:43 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 2/12/2010 11:20:45 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/12/2010 11:20:56 PM | Computer Name = DADS--COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1114th February 2010, 1:10 am

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment, SE v1.4.2_03

Next,

  1. Please download AskRemover from here
  2. Extract the zip file to your Desktop, then run AskRemover.bat
  3. Allow it to run, and select yes to the registry merge warning.
  4. Copy and paste the resulting log in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Banker fox - garbade11 DXwU4
Banker fox - garbade11 VvYDg

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1116th February 2010, 8:45 pm

more_horiz
Tried to remove the file; Java 2 Runtime Environment, SE v1.4.2_03 in Safe Mode, then in Normal mode. Both times I received the pop up: "The windows installerservice could not be accessed. This can occur if you are running Windows in the Safe Mode, or if the Windows installer is not correctly installed. Contact your support personnel for assistance."

The third attempt I rebooted using "F8" and selected the "Safe Mode with Command Prompt".
I used the command prompt and syntax { cd c:\program files\java } and did a dir/w. Three files showed up; ".", ".." and "j2re1.4.2_03".
Using the DEL command from C:\program Files\java I entered { Del j2re1.4.2_03 } Enter

Response from the system READ: C:\program files\java>del j2re1.4.2_03
C:\program files\java\j2re1.4.2_03\*, Are you Sure (Y/N)
My response was "Y" Enter

Response from the system READ:
C:\program files\java\j2re1.4.2_03\License
Access is denied
C:\program files\java\j2re1.4.2_03\License_fr.rtf
Access is denied
C:\program files\java\j2re1.4.2_03\License_zh_CN.rtf
Access is denied
C:\program files\java\j2re1.4.2_03\License_zh_TW.rtf
Access is denied

At this point I used the exit command, and shut down.

At restart I unzipped the Askremover and ran the Askremover Bat file:

Results pasted below:
Ask Remover Version 1.1 - Written by Belahzur

The current time and date is 15:32:36.98 Tue 02/16/2010

Microsoft Windows XP [Version 5.1.2600]


==== STARTING CHECK ====

==== Starting removal of Ask ====

Applying removal of Ask Toolbar registry keys.

==== REGISTRY DUMP ====

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.myyahoo.com/


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Search Bar REG_SZ http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

*** The above keys may not need fixing ***

==== FINAL CHECK ====

==== EOF ====

I had to save the results to a flash drive and sent from a secondary computer. It seems all of my antivirus software has been rendered inoperable. (Avast) Free version.

Guess I got it good Huh? What is our next move? By the way as frustrating as this is for me, I don't know how y'all continue. Either way fixed or not I appreciate what you're doing and want to make a donation to the cause. How do I do that, and is $20 enough?

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1116th February 2010, 9:36 pm

more_horiz
Hello.
Please re-download my AskRemover tool, fixed a small bug in it, it didn't delete a file it was supposed to have, but it does now. Smile... Post the new log when done.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Banker fox - garbade11 DXwU4
Banker fox - garbade11 VvYDg

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1120th February 2010, 2:41 am

more_horiz
Ask Remover Version 1.1 - Written by Belahzur

The current time and date is 14:18:28.95 Wed 02/17/2010

Microsoft Windows XP [Version 5.1.2600]


==== STARTING CHECK ====

==== Starting removal of Ask ====

Applying removal of Ask Toolbar registry keys.

==== REGISTRY DUMP ====

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://www.myyahoo.com/


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Search Bar REG_SZ http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

*** The above keys may not need fixing ***

==== FINAL CHECK ====

==== EOF ====

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1120th February 2010, 8:17 pm

more_horiz
How is the machine running now? Smile...

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Banker fox - garbade11 DXwU4
Banker fox - garbade11 VvYDg

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade1122nd February 2010, 1:34 am

more_horiz
It,s not. Can not or won't recognize any usb ports. Tried to use my GPS, (EarthMate); waste of time: no Internet from teathered phone, (Verizon SMT5800),
No internet when direct connect via hardline. Just generally FUBAR. Still only limited access to some stuff via safe boot w/networking, but not much else.
Anti virius software is still completely shut out.
Suggestions? Or should I just reformat? I'd hate to lose my pictures some of them haven't been backed up yet.

descriptionBanker fox - garbade11 EmptyRe: Banker fox - garbade11

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum