beachmaster computer virus or malware

Post by beachmaster on Wed 19 Jan 2011, 3:27 am

I cannot get on the internet from the administrator login. Can you help? Thank you very much.
OTL logfile created on: 1/18/2011 9:52:51 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 22.00% Memory free
769.00 Mb Paging File | 108.00 Mb Available in Paging File | 14.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.01 Gb Total Space | 3.03 Gb Free Space | 8.90% Space Free | Partition Type: NTFS

Computer Name: MDB | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/18 09:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.com
PRC - [2009/05/11 11:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/10/22 17:45:38 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/30 07:17:38 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/09/06 19:15:52 | 000,888,987 | ---- | M] (A-1 Technology, Inc.) -- C:\Program Files\PayPal Payment Request Wizard\QB US edition\OEHook.exe
PRC - [2007/08/01 14:01:34 | 000,412,160 | ---- | M] () -- C:\Program Files\ClickToConvert\C2CMonitor.exe
PRC - [2006/11/20 02:48:45 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/19 15:19:26 | 000,304,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2005/09/13 23:15:54 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/08/11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/10/14 18:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/05 16:23:08 | 000,382,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
PRC - [2001/07/31 21:59:50 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/18 09:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.com
MOD - [2006/11/20 02:50:27 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/07/02 14:25:09 | 000,000,942 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mozilla.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 firefox.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 firefox2.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 download.mozilla.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (MyWay.com)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SprintModemUpdate] C:\WINDOWS\System32\javaw.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks US Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\QB US edition\OEHook.exe (A-1 Technology, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: user32.dll = C:\Program Files\Video Access ActiveX Object\isamntr.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: rare = C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.17 68.105.29.17
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll (TODO: )
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {aed6f6a3-183c-488d-9f90-23db99f56e7f} - apathies - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 16:38:52 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
SafeBootMin: AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
SafeBootNet: AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26B82915-D71B-1363-4CC0-D97014C862B1} - Themes Setup
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8B8AE6E2-AF92-69DA-F3FC-65904F5544F2} - DirectAnimation
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 09:52:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.com
[2011/01/18 09:23:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\PrivacIE
[2011/01/18 09:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Adobe
[2011/01/18 09:21:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\IETldCache
[2011/01/18 09:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Jasc Software Inc
[2011/01/18 09:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Identities
[2011/01/18 09:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Gtek
[2011/01/18 09:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Google
[2011/01/18 09:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\AOL
[2011/01/18 09:20:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Guest\Application Data\Microsoft
[2011/01/18 09:20:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guest\SendTo
[2011/01/18 09:20:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guest\Recent
[2011/01/18 09:20:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guest\Application Data
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\Start Menu\Programs\Startup
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\Start Menu
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents\My Pictures
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents\My Music
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\My Documents
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\Favorites
[2011/01/18 09:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Guest\Start Menu\Programs\Accessories
[2011/01/18 09:20:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\Cookies
[2011/01/18 09:20:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\Templates
[2011/01/18 09:20:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\PrintHood
[2011/01/18 09:20:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\NetHood
[2011/01/18 09:20:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Guest\Local Settings
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Symantec
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Sun
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Google
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Desktop
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Start Menu\Programs\Dell Accessories
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Start Menu\Programs\Dell
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\CCWin
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\ApplicationHistory
[2011/01/18 09:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/18 09:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.com
[2011/01/18 09:21:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/18 09:21:21 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/18 09:13:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/18 09:13:23 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/11 16:55:38 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/01/11 16:55:38 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/01/08 20:02:29 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/18 09:20:34 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/01/18 09:20:34 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/18 09:20:34 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/01/18 09:20:34 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/01/18 09:20:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/11 16:55:38 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/01/11 16:55:38 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/15 08:42:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/05/15 08:41:32 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/03/24 08:38:29 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\811E2C59D6.sys
[2009/03/04 09:50:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\UACd.sys
[2008/11/19 14:12:25 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LPng.dll
[2008/10/29 11:07:42 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/10 23:58:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/02/04 16:57:01 | 000,002,281 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/08/21 17:11:04 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/21 16:56:37 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2006/07/08 13:45:36 | 005,940,840 | ---- | C] () -- C:\Program Files\winzip100.exe
[2006/07/08 12:27:16 | 000,734,400 | ---- | C] () -- C:\Program Files\wzcou10.exe
[2006/05/27 19:20:03 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/09 18:34:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/04/09 16:46:07 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/01/29 23:32:47 | 000,000,028 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2006/01/29 20:49:08 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/01/29 20:49:07 | 000,001,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/01 16:35:27 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/09/19 17:50:37 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSC62.ini
[2005/09/19 12:03:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/19 11:41:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/13 23:33:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/13 23:19:52 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/13 22:49:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/13 22:49:08 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/04/15 11:37:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/06/20 10:06:42 | 000,008,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
[2002/03/04 18:09:00 | 000,011,264 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\htmlprnt.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2006/07/08 13:45:43 | 005,940,840 | ---- | M] () -- C:\Program Files\winzip100.exe
[2006/07/08 12:27:33 | 000,734,400 | ---- | M] () -- C:\Program Files\wzcou10.exe

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2007/04/15 11:38:31 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/18 09:21:42 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 12:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2001/08/23 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/01/18 09:21:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Guest\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/03/08 03:31:56 | 000,183,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/04/15 05:17:11 | 000,307,200 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/04/15 11:09:34 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/04/15 05:17:11 | 030,072,832 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/04/15 05:17:13 | 004,456,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2010/02/01 11:00:34 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\system32\811E2C59D6.sys
[2001/08/23 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys
[2001/08/23 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 15:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/08 11:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2003/09/25 21:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys
[2001/08/23 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/23 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 15:46:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2011/01/08 20:02:29 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\system32\KGyGaAvL.sys
[2001/08/23 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/23 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/23 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/23 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/23 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 15:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 15:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 15:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 15:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 15:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2005/10/17 18:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\rt2500usb.sys
[2004/08/03 16:07:34 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2006/11/20 02:50:19 | 001,839,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2004/01/07 16:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) -- C:\WINDOWS\system32\WUSB20XP.sys
[2004/04/23 21:43:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) -- C:\WINDOWS\system32\WUSBGXP.sys
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2001/07/03 20:39:00 | 000,003,654 | ---- | M] () -- C:\WINDOWS\system32\drivers\Sonyhcp.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/06/20 10:06:42 | 000,008,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
[2002/03/04 18:09:00 | 000,011,264 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\htmlprnt.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2006/01/01 16:38:52 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/04/15 11:32:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/13 22:53:54 | 000,004,346 | RH-- | M] () -- C:\dell.sdr
[2011/01/18 09:13:23 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2007/04/15 11:22:49 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2006/04/17 20:54:32 | 000,000,350 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/09/13 23:16:26 | 000,000,827 | -H-- | M] () -- C:\IPH.PH
[2006/08/21 16:58:28 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007/03/03 14:41:45 | 113,691,507 | ---- | M] () -- C:\My Folders.zip
[2004/08/03 15:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/03 15:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/01/18 09:35:34 | 553,648,128 | -HS- | M] () -- C:\pagefile.sys
[2005/09/13 23:16:43 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2007/01/08 11:18:41 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2009/07/08 07:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/25 11:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2008/06/09 09:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\Akamai
[2005/09/13 22:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/07/06 12:56:41 | 000,000,000 | ---D | M] -- C:\Program Files\Articulate
[2006/05/21 12:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
[2008/06/10 11:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2008/11/19 14:15:41 | 000,000,000 | ---D | M] -- C:\Program Files\ClickToConvert
[2009/07/06 12:52:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 12:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/10/29 10:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2005/09/13 23:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2005/09/13 23:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
[2005/09/19 17:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/08/25 15:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/03/14 10:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/01/01 10:43:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google Earth
[2007/04/15 12:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2007/03/10 22:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/03/10 22:35:47 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2007/03/03 12:34:04 | 000,000,000 | ---D | M] -- C:\Program Files\HP all-in-one
[2009/09/10 12:07:14 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/09/13 23:09:00 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/15 14:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/04/04 19:35:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2006/12/16 12:20:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/15 17:16:43 | 000,000,000 | ---D | M] -- C:\Program Files\Iron Speed
[2006/12/16 12:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2005/09/13 23:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/08/15 15:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/09/13 23:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2009/05/15 08:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2006/08/21 17:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2006/08/19 22:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/09/19 11:59:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/11/11 11:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/09/13 23:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/09/13 23:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2007/02/10 09:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SP 2
[2005/09/19 19:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips
[2005/09/19 11:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2007/03/30 03:06:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2005/09/19 11:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/05/15 08:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\motive
[2004/08/10 12:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2008/11/11 11:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/10 12:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 12:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/16 03:01:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2005/09/13 23:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2005/09/13 23:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\MyWaySA
[2009/03/04 09:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/18 08:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\News Scroller Wizard
[2004/08/10 12:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/03/04 09:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/09/10 12:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\PayPal Payment Request Wizard
[2010/11/04 12:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\PHP
[2006/01/01 16:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2009/01/31 14:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2006/09/30 09:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\QUICKENW
[2006/12/16 12:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/09/13 23:15:54 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/06 16:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\Selteco
[2010/02/04 11:31:53 | 000,000,000 | ---D | M] -- C:\Program Files\SendSpace
[2009/12/08 15:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Smilebox
[2005/09/13 23:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/05/15 08:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\sprint virtual assistant
[2007/03/03 08:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/03/31 18:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2007/03/10 23:42:33 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2006/01/28 09:23:44 | 000,000,000 | ---D | M] -- C:\Program Files\The Real Yellow Pages
[2004/08/10 12:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/09/13 23:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/04/07 08:16:36 | 000,000,000 | ---D | M] -- C:\Program Files\VistaPrint
[2005/09/13 23:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2009/08/25 15:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Antivirus Pro
[2006/12/08 21:06:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/04/15 11:39:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2007/03/10 22:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 12:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/06/11 08:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2006/07/08 12:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip Companion for Outlook
[2005/09/13 23:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/08/19 22:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2005/09/13 23:28:16 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name

< %appdata%\*.* >
[2007/04/15 11:20:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Guest\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 04:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/03 15:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/03 17:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/03 17:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/03 17:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/03 22:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\i386\usbstor.sys
[2004/08/03 16:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

beachmaster

Newbie Surfer

Posts : 7
Joined : 2011-01-19
Operating System : windows xp

Re: beachmaster computor virus or malware

Post by beachmaster on Wed 19 Jan 2011, 3:27 am

OTL Extras logfile created on: 1/18/2011 9:52:51 AM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 22.00% Memory free
769.00 Mb Paging File | 108.00 Mb Available in Paging File | 14.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.01 Gb Total Space | 3.03 Gb Free Space | 8.90% Space Free | Partition Type: NTFS

Computer Name: MDB | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Pro\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1A94F09C-09B9-467E-BD3C-142A1E6564F5}" = Iron Speed Designer V7.0.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{253FCC55-E03D-40D4-A407-3470BE4101C0}" = VistaPrint Electronic Business Card
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E5131E9-1241-4E43-8036-E870C0DEDD97}" = Articulate Studio '09 Pro
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D180A2C-9364-4384-8889-9DD425EC1497}" = PHP 5.3.3
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005 with USB GPS
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76A35397-115C-46EC-AE2C-71262B682E0F}" = Articulate Studio '09 Pro
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{860C3B10-00E3-442C-B82A-4C167FC274EB}" = Articulate Studio '09 Pro
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8ECB8220-F426-4BEB-9596-97033C533702}" = QuickBooks Premier: Contractor Edition 2008
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7888C3F-0506-555F-7907-CDD3F81719A5}" = Adobe Media Player
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE3E6C98-BA83-4990-8E14-12B26E16D1A4}" = Articulate Studio '09 Pro
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F09E75B4-C3AE-4CE7-959E-B2E8769555E4}" = PayPal Payment Request Wizard For QuickBooks US Edition
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Alligator Flash Designer 7" = Alligator Flash Designer 7 (7.0.7.4) Trial
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Click to Convert 6.0" = Click to Convert 6.0
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Logitech Print Service" = Logitech Print Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"News Scroller Wizard" = News Scroller Wizard 2.3
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QcDrv" = Logitech® Camera Driver
"Quicken 2002 Deluxe" = Quicken 2002 Deluxe
"RealPlayer 6.0" = RealPlayer Basic
"SendSpaceWizard" = SendSpace Wizard
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"STA.bsa_ENU" = The Real Yellow Pages v4.7.9
"StreetPlugin" = Learn2 Player (Uninstall Only)
"System Alert Popup" = System Alert Popup
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinZip Companion for Outlook" = WinZip Companion for Outlook
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

beachmaster
Newbie Surfer
Posts : 7
Joined : 2011-01-19
Operating System : windows xp

Re: beachmaster computor virus or malware

Post by Sneakyone on Wed 19 Jan 2011, 12:17 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will let us more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Post by beachmaster on Thu 20 Jan 2011, 1:27 am

My computer won't let me do this; I am in Guest mode.
I cannot get on the internet in administrative mode... Thank you.


Post by beachmaster on Fri 21 Jan 2011, 8:45 am

Well, I have tried many, many, many times to get ComboFix to run exactly the way you said, and it says installation failed at the last minute. Is there anything else I can do?


Post by Sneakyone on Fri 21 Jan 2011, 9:49 am

Hi,

Are you able to run ComboFix in Safe Mode? You need to be on the administrator account.


Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Log into an account with administrative privileges.




Post by beachmaster on Fri 21 Jan 2011, 10:55 pm

I am in Safe Mode now, and the "%userprofile%\desktop\commy.exe" /stepdel
is not recognized.


Post by Sneakyone on Sat 22 Jan 2011, 5:47 pm

Hi,

Just double-click on it.



Post by beachmaster on Mon 24 Jan 2011, 3:14 am

I double-clicked on it and it came up, and now it's up with a blinking line. I put in what you said and it says it does not recognize it.


Post by Sneakyone on Mon 24 Jan 2011, 12:52 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Post by beachmaster on Tue 25 Jan 2011, 1:22 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5589

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/24/2011 8:16:52 AM
mbam-log-2011-01-24 (08-16-52).txt

Scan type: Quick scan
Objects scanned: 187861
Time elapsed: 18 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 8
Files Infected: 41

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4D25F920-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4D25F923-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djejeeht (Trojan.FakeAlert.Gen) -> Value: djejeeht -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (Adware.MyWebSearch) -> Value: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Value: host -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Value: id -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Value: user32.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Mike\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\Mike\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\MyWaySA (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\windows antivirus pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\intheuepy\ritibkruerb.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\WINDOWS\system32\1E3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\desot.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\268.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UAC958e.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\pdfupd.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Mike\application data\shoppingreport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\wispex.html (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\i1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\i2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\i3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\j1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\j2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\j3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\l1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\l2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\l3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\pix.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\t1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\t2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\up1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\up2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w11.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\program files\windows antivirus pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.

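The log above is worth reading for more than its counts: it records the autostart entries the infection used (the HKCU Run value and the Policies\Explorer\Run value), the Security Center notifications it switched off, a kernel driver, and a hijacked ProxyServer value, which is the kind of setting that leaves a browser unable to reach the internet even when the network is up. The Python script below is an added example written for this thread, not code from the forum or from Malwarebytes: it parses lines in the MBAM 1.x log format, groups detections by family, flags items still pending deletion at reboot, and annotates the registry locations seen above. The sample lines are constructed from the shape of the posted log (a subset of it), and the meaning assigned to each location is this example's own reading, not anything MBAM outputs.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log.

Added example, not MBAM's own code. Parses "<item> (<family>) -> ... -> <action>."
lines, groups them by section, flags items still pending deletion at reboot,
and annotates registry locations that explain the reported symptoms.
"""
import re
from collections import Counter

# Constructed sample in the shape of the log posted in the thread (a subset,
# not the full log; paths copied as they appear there).
SAMPLE_LOG = r"""
Memory Modules Infected:
c:\program files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\djejeeht (Trojan.FakeAlert.Gen) -> Value: djejeeht -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Value: user32.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UAC958e.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# Section headers look like "Files Infected:" (the summary lines carry a count
# after the colon and therefore do not match).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detection lines: item, then "(family)", then one or more " -> " segments,
# the last of which is the action taken; the trailing period is dropped.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")

REBOOT_MARKER = "delete on reboot"


def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, action."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            action = m.group("rest").split(" -> ")[-1]
            detections.append({"section": section, "item": m.group("item"),
                               "family": m.group("family"), "action": action})
    return detections


def _explain(item, family):
    """Map a detection to its likely effect. These readings are the example's own."""
    low = item.lower()
    if family == "PUM.Bad.Proxy" or low.endswith("\\internet settings\\proxyserver"):
        return ("hijacked browser proxy: IE is pointed at a proxy the malware controls, "
                "a common reason a browser cannot reach the internet")
    if "\\currentversion\\run\\" in low or "\\policies\\explorer\\run\\" in low:
        return "autostart entry: re-launches the malware at every logon"
    if "\\security center\\" in low and low.endswith("disablenotify"):
        return "Security Center warning suppressed: user is not told AV/firewall/updates are off"
    if family.startswith("Rootkit.") or "\\drivers\\" in low:
        return "kernel-mode component: live scans can miss it, rescan after reboot"
    return None


def triage(detections):
    """Counts per family, items pending until reboot, and annotated items."""
    counts = Counter(d["family"] for d in detections)
    reboot_required = [d["item"] for d in detections
                       if REBOOT_MARKER in d["action"].lower()]
    notes = [(d["item"], _explain(d["item"], d["family"])) for d in detections
             if _explain(d["item"], d["family"])]
    return {"counts": counts, "reboot_required": reboot_required, "notes": notes}


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    for family, n in result["counts"].most_common():
        print(f"{n:3d}  {family}")
    print("pending until reboot:", *result["reboot_required"], sep="\n  ")
    for item, reason in result["notes"]:
        print(f"{item}\n    -> {reason}")
```

Run it against a saved mbam-log-*.txt by reading the file into `parse_mbam_log` instead of `SAMPLE_LOG`. The "Delete on reboot" items are the reason the helper asks for a restart before the next scan: until then the MyWaySA module is still loaded.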

Post by Sneakyone on Thu 27 Jan 2011, 4:38 pm

Hi,

Could you please try running ComboFix now?

