Hoping someone can help. My PC was recently infected with the Antivirus 2009 and I've been able to run SpyDoctor to remove the viruses Symantec didn't find. Computer is still beyond slow and getting onto the internet is a joke. Needless to say, something else is amiss. I saved the Malwarebytes mbam-setup to my flash drive from my work computer, and installed it on the infected one. Tried to run it and it starts to do its thing but then halts at the license.txt file. It gives me the option of skipping, trying again or aborting - I tried again - didn't work, tried to skip but then it halts at ALL of the .lng/language files, skipped all those and it didn't install successfully; I get some [Error code: 707 (2)]. Can anyone help? I've been able to back up my important files and am about to just reformat the whole darn thing - but would like to avoid that process if possible as I don't have all my program/application disks still.

Here are the logs I managed to get from OTListIt (program was run on infected computer)

OTListIt.txt

OTListIt logfile created on: 12/12/2008 12:27:44 PM - Run

OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\King Ruberous\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 70.17 Mb Available Physical Memory | 13.74% Memory free

1.22 Gb Paging File | 0.56 Gb Available in Paging File | 46.29% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 36.18 Gb Free Space | 48.55% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 339.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 42.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 982.72 Mb Total Space | 180.75 Mb Free Space | 18.39% Space Free | Partition Type: FAT

Drive H: | 465.64 Gb Total Space | 465.26 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Computer Name: NED

Current User Name: King Ruberous

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2001/01/03 15:50:56 | 00,066,048 | ---- | M] (Silitek Corporation) -- C:\WINNT\system32\SK9910DM.EXE

[2002/08/06 16:24:14 | 00,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe

[2002/07/02 18:56:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\cthelper.exe

[2002/10/03 19:50:14 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[2001/11/07 14:25:54 | 00,020,480 | ---- | M] (BVRP Software) -- C:\Program Files\PhoneTools\capFax.exe

[2003/01/03 10:53:16 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe

[2005/11/21 19:48:23 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe

[2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[2003/03/03 12:29:18 | 00,081,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe

[2004/05/12 14:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[2008/04/20 12:54:53 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[2008/09/08 21:33:23 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[2008/08/25 12:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe

[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

[2001/03/15 05:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

[2004/05/28 21:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[2008/09/08 21:33:23 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[2008/04/20 12:54:53 | 00,241,772 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

[2005/03/10 09:40:30 | 00,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

[2001/07/31 21:59:50 | 00,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE

[2004/02/11 08:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE

[2007/09/19 16:18:04 | 00,376,832 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[2008/09/08 21:33:23 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[2008/11/20 21:40:12 | 02,470,264 | ---- | M] (PPStream Inc.) -- C:\Program Files\PPStream\PPStream.exe

[2003/10/30 12:51:20 | 01,957,888 | ---- | M] (Webshots.com) -- C:\WINNT\webshots.scr

[2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2004/05/28 22:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

[2003/03/03 12:29:54 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

[2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\KodakCCS.exe

[2003/03/03 12:31:54 | 00,581,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

[2002/07/16 13:16:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe

[2002/08/19 00:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe

[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe

[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wuauclt.exe

[2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINNT\system32\HPZipm12.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wuauclt.exe

[2008/07/09 02:38:29 | 00,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SoftwareDistribution\Download\9f4032b7c01ffa276d9d4715007a565f\update\update.exe

[2008/12/11 13:38:56 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\King Ruberous\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2003/03/03 12:29:54 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])

[2008/09/08 21:33:23 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])

[2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])

[2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])

[2002/05/03 13:36:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc [Auto | Stopped])

[2003/03/03 12:31:54 | 00,581,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])

[2002/07/16 13:16:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Running])

[2002/08/19 00:00:00 | 00,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])

[2008/06/13 16:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])

[2008/10/09 13:47:42 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])

[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 13:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])

[2003/01/03 10:53:18 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINNT\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])

[2001/08/17 14:28:00 | 00,871,388 | ---- | M] (BCM) -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem [On_Demand | Stopped])

[2006/08/28 20:48:26 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINNT\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [system | Running])

[2006/08/28 20:48:26 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k [system | Running])

[2002/10/03 19:51:10 | 00,240,640 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdudf_xp.sys -- (cdudf_xp [system | Running])

[2002/07/19 11:46:26 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])

[2002/07/19 11:47:50 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])

[2002/07/19 11:48:06 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])

[2002/07/19 11:48:20 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

[2004/05/20 08:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\DcCam.sys -- (DcCam [system | Running])

[2004/05/20 08:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])

[2004/06/02 13:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\DCFS2k.sys -- (DCFS2K [Auto | Running])

[2004/05/20 08:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\DcLps.sys -- (DcLps [On_Demand | Stopped])

[2004/07/07 10:27:28 | 00,070,070 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\DcPtp.sys -- (DcPTP [On_Demand | Stopped])

[2002/10/03 19:55:56 | 00,025,674 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])

[2002/02/25 02:54:04 | 00,139,776 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])

[2002/07/19 11:48:30 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])

[2004/07/07 08:55:12 | 00,152,049 | ---- | M] (Eastman Kodak Company) -- C:\WINNT\system32\drivers\ExportIt.sys -- (Exportit [system | Stopped])

[2002/08/06 16:24:16 | 01,107,680 | ---- | M] (GTW) -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem [On_Demand | Running])

[2002/07/24 14:52:24 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINNT\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])

[2004/03/21 08:35:48 | 00,051,088 | ---- | M] (HP) -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])

[2004/03/21 08:35:52 | 00,016,496 | ---- | M] (HP) -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

[2004/03/21 08:35:58 | 00,021,744 | ---- | M] (HP) -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])

[2008/08/25 12:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINNT\system32\drivers\ikfilesec.sys -- (IKFileSec [boot | Running])

[2008/08/25 12:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINNT\system32\drivers\iksysflt.sys -- (IKSysFlt [system | Running])

[2008/08/25 12:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINNT\system32\drivers\iksyssec.sys -- (IKSysSec [system | Running])

[2000/03/29 16:11:20 | 00,008,096 | ---- | M] (MicroStaff Co.,Ltd.) -- C:\WINNT\System32\drivers\MASPINT.SYS -- (MASPINT [Auto | Running])

[2002/10/03 19:55:50 | 00,030,406 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])

[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])

[2003/04/23 17:21:43 | 00,028,276 | ---- | M] (MusicMatch, Inc.) -- C:\WINNT\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])

[2002/11/11 07:58:34 | 00,219,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP [On_Demand | Running])

[2002/11/11 07:58:36 | 00,029,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL [Auto | Running])

[2008/11/27 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081127.016\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008/11/27 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081127.016\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2002/07/16 13:16:00 | 00,981,466 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2002/07/19 11:48:02 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])

[2002/11/21 09:30:16 | 00,044,192 | ---- | M] (PC-Doctor Inc.) -- C:\WINNT\system32\drivers\PCDrNT.sys -- (PcdrNt [On_Demand | Stopped])

[2008/12/05 20:22:36 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINNT\system32\drivers\pctfw2.sys -- (pctfw2 [system | Running])

[1999/12/17 02:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINNT\system32\PFMODNT.SYS -- (PfModNT [Auto | Running])

[2002/08/29 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2002/10/03 19:55:44 | 00,134,426 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k [system | Running])

[2006/11/02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINNT\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2000/06/06 11:29:58 | 00,006,736 | ---- | M] (RioPort.com) -- C:\WINNT\System32\drivers\RioPnP.sys -- (RioPNP [Auto | Running])

[2003/09/02 12:10:32 | 00,018,304 | R--- | M] (SONICblue Inc.) -- C:\WINNT\system32\drivers\RIOXDRV.sys -- (RIOXDRV [On_Demand | Stopped])

[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2000/09/11 19:32:28 | 00,007,552 | ---- | M] (Silitek Corp.) -- C:\WINNT\system32\drivers\sk99202k.sys -- (Sk99202k [On_Demand | Running])

[2000/09/12 01:39:10 | 00,006,208 | ---- | M] (Silitek Corp.) -- C:\WINNT\system32\drivers\Sk9920nt.sys -- (Sk9920nt [system | Running])

[2007/02/05 14:25:31 | 00,073,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2002/10/03 19:52:38 | 00,206,464 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [system | Running])

[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINNT\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2002/08/29 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft.com/isapi/redir.dll?P...mp;Ar=ie5update

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myspace.com/

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\S-1-5-21-818708725-2397088480-3980875739-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-818708725-2397088480-3980875739-1005\S-1-5-21-818708725-2397088480-3980875739-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (addestination search enhancer) - {2F25ACD8-E247-E963-05A0-C59F83D7D7E4} - C:\WINNT\system32\tbbkwzeiiejsf.dll ()

O2 - BHO: (addestination) - {7050309d-f9d1-9acd-f990-47489f6988aa} - C:\WINNT\system32\nsm21.dll ()

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (addestination browser enhancer) - {95A4A6BF-60FE-264A-9896-1BA88A42C58D} - C:\WINNT\system32\jumifimvlqvmanu.dll ()

O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (Viewpoint Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)

O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\googletoolbar.dll (Google Inc.)

O3 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)

O4 - HKLM..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE (BVRP Software)

O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)

O4 - HKLM..\Run: [DENT DEFY] C:\PROGRA~1\MAILAN~1\startfour.exe File not found

O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)

O4 - HKLM..\Run: [GWMDMMSG] GWMDMMSG.exe (GTW)

O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe ()

O4 - HKLM..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE (Silitek Corporation)

O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)

O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe ()

O4 - HKLM..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check" File not found

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

O4 - HKLM..\Run: [qzlkukktiqc] C:\WINNT\System32\regsvr32.exe /s "C:\WINNT\system32\jumifimvlqvmanu.dll" (Microsoft Corporation)

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)

O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINNT\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKLM..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe (Microsoft Corporation)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE (Intuit)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

O4 - Startup: C:\Documents and Settings\King Ruberous\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O4 - Startup: C:\Documents and Settings\King Ruberous\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files\PPStream\PPStream.exe (PPStream Inc.)

O4 - Startup: C:\Documents and Settings\King Ruberous\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)

O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: (msn in My Computer)

O15 - HKU\S-1-5-21-818708725-2397088480-3980875739-1005\..Trusted Sites: (msn in My Computer)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1158324714671 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} http://h30043.www3.hp.com/netassist/en/che...hp.cab?1,0,0,94 (HP Content Update)

O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)

O18 - Protocol\Handler: - cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls" = C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

>[2008/09/11 02:09:21 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

NavLogon: "DllName" = C:\WINNT\system32\NavLogon.dll -- C:\WINNT\system32\NavLogon.dll ()

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

Autorun.inf [[AutoRun] | open=Install.exe | icon=Disc.ico | ]

[2005/09/26 05:55:34 | 00,000,042 | R--- | M] () -- E:\Autorun.inf -- [ CDFS ]

autorun.inf [[autorun] | open=wd_windows_tools\WDSetup.exe | ICON=AUTORUN\WDLOGO.ICO | ]

[2008/04/01 13:53:24 | 00,000,071 | -H-- | M] () -- H:\autorun.inf -- [ FAT32 ]

autorun []

[2008/10/11 17:47:36 00,000,000 | ---D | M] -- H:\autorun -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINNT\System32\*.tmp files]

[2 C:\WINNT\*.tmp files]

[2008/12/12 12:28:46 | 00,000,000 | ---D | C] -- C:\WINNT\LastGood

[2008/12/12 12:26:24 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\King Ruberous\Desktop\OTListIt.exe

[2008/12/12 12:26:07 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\King Ruberous\Desktop\HJTInstall.exe

[2008/12/11 17:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Protection

[2008/12/11 17:31:20 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\King Ruberous\Desktop\FixIT.exe

[2008/12/11 17:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\Computer Protection

[2008/12/10 23:53:15 | 00,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/12/10 23:53:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2008/12/10 23:53:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2008/12/10 21:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/12/10 21:32:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2008/12/10 20:35:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/12/09 23:07:39 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies

[2008/12/09 22:45:11 | 00,000,347 | ---- | C] () -- C:\Documents and Settings\King Ruberous\Desktop\My Documents.lnk

[2008/12/06 00:00:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2008/12/05 23:59:49 | 00,160,792 | ---- | C] (PC Tools) -- C:\WINNT\System32\drivers\pctfw2.sys

[2008/12/05 19:56:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2008/12/03 23:08:36 | 00,000,000 | ---D | C] -- C:\ShoppingReport

[2008/12/03 23:08:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King Ruberous\Desktop\ShoppingReport

[2008/12/02 16:36:07 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk

[2008/12/02 16:36:03 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINNT\System32\drivers\iksyssec.sys

[2008/12/02 16:36:03 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINNT\System32\drivers\iksysflt.sys

[2008/12/02 16:36:03 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINNT\System32\drivers\ikfilesec.sys

[2008/12/02 16:36:03 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINNT\System32\drivers\kcom.sys

[2008/12/02 16:35:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2008/12/02 16:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King Ruberous\Application Data\PC Tools

[2008/12/02 10:06:52 | 00,678,912 | ---- | C] () -- C:\WINNT\System32\nsm21.dll

[2008/11/30 23:05:14 | 00,000,000 | ---D | C] -- C:\WINNT\ie7updates

[2008/11/30 23:04:10 | 00,000,000 | ---D | C] -- C:\WINNT\WBEM

[2008/11/30 23:04:08 | 00,000,000 | ---D | C] -- C:\WINNT\System32\en-US

[2008/11/30 23:02:47 | 00,000,000 | -H-D | C] -- C:\WINNT\ie7

[2008/11/30 23:02:27 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$

[2008/11/30 23:01:53 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$

[2008/11/30 22:59:41 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\xmllite.dll

[2008/11/30 22:42:50 | 00,000,000 | ---D | C] -- C:\WINNT\network diagnostic

[2008/11/30 22:40:31 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msfeeds.dll

[2008/11/30 22:40:29 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msfeedsbs.dll

[2008/11/30 22:40:25 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\iertutil.dll

[2008/11/30 22:40:15 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icardie.dll

[2008/11/30 22:40:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ieudinit.exe

[2008/11/30 22:40:12 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ieapfltr.dll

[2008/11/30 22:40:06 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ieapfltr.dat

[2008/11/30 22:40:03 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ieframe.dll.mui

[2008/11/30 22:39:39 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ieframe.dll

[2008/11/30 22:38:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\custsat.dll

[2008/11/30 22:35:06 | 00,000,000 | ---D | C] -- C:\a8bb0a9f961be7a3f9

[2008/11/29 16:53:33 | 00,068,395 | ---- | C] () -- C:\WINNT\System32\tbbkwzeiiejsf.dll-uninst.exe

[2008/11/28 11:29:48 | 00,592,384 | ---- | C] () -- C:\WINNT\System32\tbbkwzeiiejsf.dll

[2008/11/23 14:34:29 | 00,000,113 | ---- | C] () -- C:\WINNT\PPSMediaList.ini

[2008/11/23 14:34:20 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\King Ruberous\Start Menu\Programs\Startup\PPS.lnk

[2008/11/23 14:34:20 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\King Ruberous\Desktop\PPStream.lnk

[2008/11/23 14:34:20 | 00,000,307 | ---- | C] () -- C:\WINNT\powerplayer.ini

[2008/11/23 14:34:19 | 00,000,384 | ---- | C] () -- C:\WINNT\psnetwork.ini

[2008/11/23 14:34:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King Ruberous\Application Data\PPStream

[2008/11/23 14:34:02 | 00,000,000 | ---D | C] -- C:\Program Files\PPStream

[2008/11/23 14:18:35 | 00,000,000 | ---D | C] -- C:\Program Files\TVAnts

[2008/11/20 20:00:03 | 00,044,959 | ---- | C] () -- C:\EasyShare.dmp

[2008/11/20 19:44:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King Ruberous\My Documents\New Folder (2)

[2008/11/20 19:44:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King Ruberous\My Documents\New Folder

[2008/11/17 10:54:24 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\King Ruberous\My Documents\Q3.DIR

[2008/11/17 10:54:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\King Ruberous\My Documents\BACKUP

[2008/11/15 17:24:34 | 00,053,960 | ---- | C] () -- C:\WINNT\System32\cont_addestination-remove.exe

[2008/11/15 17:24:31 | 00,047,593 | ---- | C] () -- C:\WINNT\System32\izgfgfljtvkdd.exe

========== Files - Modified Within 30 Days ==========

[2 C:\WINNT\System32\*.tmp files]

[2 C:\WINNT\*.tmp files]

[2008/12/12 12:27:53 | 00,000,384 | ---- | M] () -- C:\WINNT\psnetwork.ini

[2008/12/12 12:23:17 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2008/12/12 12:22:04 | 03,686,454 | ---- | M] () -- C:\WINNT\Webshots for King Ruberous.bmp

[2008/12/12 12:21:02 | 00,000,307 | ---- | M] () -- C:\WINNT\powerplayer.ini

[2008/12/12 12:20:59 | 00,000,113 | ---- | M] () -- C:\WINNT\PPSMediaList.ini

[2008/12/12 12:20:54 | 03,207,333 | ---- | M] () -- C:\WINNT\{00000002-00000000-00000001-00001102-00000004-00581102}.CDF

[2008/12/12 12:20:54 | 03,207,333 | ---- | M] () -- C:\WINNT\{00000002-00000000-00000001-00001102-00000004-00581102}.BAK

[2008/12/12 12:20:39 | 00,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn

[2008/12/12 12:20:32 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2008/12/12 12:20:30 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2008/12/12 12:20:29 | 53,567,8976 | -HS- | M] () -- C:\hiberfil.sys

[2008/12/11 13:38:56 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\King Ruberous\Desktop\OTListIt.exe

[2008/12/11 13:37:38 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\King Ruberous\Desktop\HJTInstall.exe

[2008/12/10 23:53:15 | 00,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/12/10 16:55:24 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\King Ruberous\Desktop\FixIT.exe

[2008/12/09 22:45:11 | 00,000,347 | ---- | M] () -- C:\Documents and Settings\King Ruberous\Desktop\My Documents.lnk

[2008/12/09 21:03:03 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\King Ruberous\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/06 00:03:50 | 00,023,304 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx

[2008/12/06 00:03:50 | 00,023,304 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx

[2008/12/06 00:03:50 | 00,018,648 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx

[2008/12/06 00:03:50 | 00,018,648 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx

[2008/12/06 00:03:50 | 00,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm

[2008/12/06 00:03:50 | 00,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm

[2008/12/06 00:03:50 | 00,000,024 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat

[2008/12/06 00:03:50 | 00,000,024 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat

[2008/12/05 23:55:41 | 00,001,409 | ---- | M] () -- C:\WINNT\QTFont.for

[2008/12/05 20:22:36 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINNT\System32\drivers\pctfw2.sys

[2008/12/03 19:53:40 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2008/12/03 19:53:36 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2008/12/02 20:34:48 | 00,053,960 | ---- | M] () -- C:\WINNT\System32\cont_addestination-remove.exe

[2008/12/02 16:38:11 | 00,381,546 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2008/12/02 16:38:11 | 00,053,254 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[2008/12/02 16:38:10 | 00,440,568 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI

[2008/12/02 16:36:07 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk

[2008/12/02 10:06:52 | 00,678,912 | ---- | M] () -- C:\WINNT\System32\nsm21.dll

[2008/12/02 03:02:11 | 00,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK

[2008/12/01 03:07:30 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\King Ruberous\My Documents\desktop.ini

[2008/11/29 16:53:33 | 00,068,395 | ---- | M] () -- C:\WINNT\System32\tbbkwzeiiejsf.dll-uninst.exe

[2008/11/29 09:01:24 | 00,002,479 | ---- | M] () -- C:\Documents and Settings\King Ruberous\Desktop\Microsoft Word.lnk

[2008/11/28 11:29:48 | 00,592,384 | ---- | M] () -- C:\WINNT\System32\tbbkwzeiiejsf.dll

[2008/11/28 10:04:09 | 00,047,593 | ---- | M] () -- C:\WINNT\System32\izgfgfljtvkdd.exe

[2008/11/27 04:57:36 | 00,365,056 | ---- | M] () -- C:\WINNT\System32\jumifimvlqvmanu.dll

[2008/11/23 14:34:20 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\King Ruberous\Start Menu\Programs\Startup\PPS.lnk

[2008/11/23 14:34:20 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\King Ruberous\Desktop\PPStream.lnk

[2008/11/20 20:00:04 | 00,044,959 | ---- | M] () -- C:\EasyShare.dmp

[2008/11/17 10:54:24 | 00,566,352 | ---- | M] () -- C:\Documents and Settings\King Ruberous\My Documents\QDATA.QDF

[2008/11/17 10:54:24 | 00,006,814 | ---- | M] () -- C:\Documents and Settings\King Ruberous\My Documents\QDATA.QSD

[2008/11/17 10:54:24 | 00,000,023 | ---- | M] () -- C:\Documents and Settings\King Ruberous\My Documents\Q3.DIR

[2008/11/17 10:53:46 | 00,001,130 | ---- | M] () -- C:\WINNT\QUICKEN.INI

< End of report >

Extra.txt document

OTListIt Extras logfile created on: 12/12/2008 12:27:44 PM - Run

OTListIt by OldTimer - Version 1.0.12.1 Folder = C:\Documents and Settings\King Ruberous\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.80 Mb Total Physical Memory | 70.17 Mb Available Physical Memory | 13.74% Memory free

1.22 Gb Paging File | 0.56 Gb Available in Paging File | 46.29% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 36.18 Gb Free Space | 48.55% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 339.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 42.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 982.72 Mb Total Space | 180.75 Mb Free Space | 18.39% Space Free | Partition Type: FAT

Drive H: | 465.64 Gb Total Space | 465.26 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Computer Name: NED

Current User Name: King Ruberous

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater

File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader

[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

[2007/12/23 23:02:06 | 02,179,072 | ---- | M] (Zhejiang University) -- C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts

[2008/11/20 21:40:12 | 02,470,264 | ---- | M] (PPStream Inc.) -- C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS


Greetings and welcome. Please follow the instructions in AdvancedSetup's post here: http://www.malwarebytes.org/forums/index.p...amp;#entry35969

Then read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
