Oops! Sorry about that, it seems like it's not redirecting me to spam sites anymore! Awesome!
thank you so much!
Good news, but we're not done yet.
We have to make sure your computer is 100% clean.
However, I'm going to bed now, so I'll reply back tomorrow!
No problem! You've done more than enough already! Thank you again!
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\Nbofafeboc.bin
c:\windows\Ccecireyiluyir.dat
c:\windows\system32\wbdbasei.dll
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB183.tmp

Folder::
c:\documents and settings\fefemama\Local Settings\Application Data\ifrwjdmpt

FCopy::
c:\windows\system32\VITrans\explorer.exe | c:\windows\explorer.exe
c:\windows\system32\VITrans\explorer.exe | c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=-
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
ComboFix 10-07-24.06 - fefemama 07/26/2010 14:09:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.690 [GMT -7:00]
Running from: c:\documents and settings\fefemama\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fefemama\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FILE ::
"c:\windows\Ccecireyiluyir.dat"
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB183.tmp"
"c:\windows\Internet Logs\xDB2.tmp"
"c:\windows\Internet Logs\xDB3.tmp"
"c:\windows\Internet Logs\xDB4.tmp"
"c:\windows\Internet Logs\xDB5.tmp"
"c:\windows\Internet Logs\xDB6.tmp"
"c:\windows\Nbofafeboc.bin"
"c:\windows\system32\wbdbasei.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\fefemama\Local Settings\Application Data\ifrwjdmpt
c:\windows\Ccecireyiluyir.dat
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB183.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Nbofafeboc.bin
c:\windows\system32\wbdbasei.dll
.
--------------- FCopy ---------------
c:\windows\system32\VITrans\explorer.exe --> c:\windows\explorer.exe
c:\windows\system32\VITrans\explorer.exe --> c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.
2010-07-20 21:25 . 2010-07-20 21:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-18 03:31 . 2010-07-18 03:31 -------- d-----w- c:\documents and settings\fefemama\Application Data\Toribash
2010-07-13 00:18 . 2010-07-26 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-13 00:18 . 2010-07-13 00:18 -------- d-----w- c:\documents and settings\fefemama\Application Data\Yahoo!
2010-07-13 00:18 . 2010-07-13 00:18 -------- d-----w- c:\program files\Yahoo!
2010-07-12 22:22 . 2010-07-12 22:22 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-07-09 13:56 . 2010-01-22 16:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-09 13:56 . 2010-01-22 16:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-09 13:56 . 2008-11-26 19:08 131 ----a-w- c:\windows\IDB.zip
2010-07-09 13:56 . 2010-01-22 16:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-09 13:56 . 2010-01-22 16:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-09 13:56 . 2009-10-28 08:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-09 13:55 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-09 13:55 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-09 13:55 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-09 13:55 . 2010-04-08 21:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-09 13:55 . 2010-07-12 23:11 -------- d-----w- c:\program files\Spyware Doctor
2010-07-09 13:55 . 2010-07-09 13:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-09 13:55 . 2010-07-09 13:55 -------- d-----w- c:\documents and settings\fefemama\Application Data\PC Tools
2010-07-09 13:55 . 2010-07-09 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-09 13:47 . 2010-07-09 13:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-07-09 10:43 . 2010-07-09 10:43 -------- d-----w- c:\documents and settings\fefemama\Application Data\Malwarebytes
2010-07-09 10:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 10:42 . 2010-07-09 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 10:42 . 2010-07-09 10:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 10:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 20:43 . 2008-07-09 23:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-26 10:06 . 2010-03-14 10:14 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000002-80271102}.dat
2010-07-26 10:06 . 2010-03-14 10:14 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000002-80271102}.dat
2010-07-26 10:03 . 2008-12-21 00:03 -------- d-----w- c:\documents and settings\fefemama\Application Data\foobar2000
2010-07-26 09:49 . 2008-02-12 05:10 -------- d-----w- c:\documents and settings\fefemama\Application Data\.purple
2010-07-25 17:18 . 2008-02-12 03:44 -------- d-----w- c:\program files\PeerGuardian2
2010-07-25 03:07 . 2008-02-25 05:10 -------- d-----w- c:\documents and settings\fefemama\Application Data\uTorrent
2010-07-23 23:48 . 2008-02-11 16:51 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2010-07-23 04:59 . 2008-02-15 06:33 -------- d-----w- c:\documents and settings\fefemama\Application Data\gtk-2.0
2010-07-15 08:15 . 2008-02-12 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-13 00:19 . 2010-01-16 02:34 -------- d-----w- c:\documents and settings\fefemama\Application Data\Media Player Classic
2010-07-13 00:18 . 2010-01-16 04:55 -------- d-----w- c:\program files\CCleaner
2010-07-10 17:12 . 2010-07-10 17:12 2865298 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-09 07:55 . 2008-02-12 04:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-09 07:17 . 2010-07-09 07:17 146352 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_07_09_00_15_13_small.dmp.zip
2010-06-15 17:43 . 2008-12-23 04:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 23:51 . 2010-06-11 23:51 3055600 ----a-w- c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 23:36 . 2010-06-11 23:36 275952 ----a-w- c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgoogletalk.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-26_00.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-26 20:43 . 2010-07-26 20:43 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2007-07-22 12:08 . 2007-07-22 12:08 1033216 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-19 1421824]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Google Update"="c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-07 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"WINDVDPatch"="CTHELPER.EXE" [2003-08-28 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-02 148888]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-02-26 32768]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-14 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-22 981904]
"CTHelper"="CTHELPER.EXE" [2003-08-28 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"IE7-10"="advpack.dll" [2008-12-20 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=diomidi.dll
"wave1"=Digi32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^fefemama^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\fefemama\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-07 06:11 133104 ----atw- c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
2004-09-20 09:27 65536 ----a-w- c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-19 00:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
2008-11-14 18:33 69632 ----a-w- c:\program files\ViOrb\ViOrb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]
2008-11-15 05:57 131778 ----a-w- c:\program files\Vista Rainbar\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
2008-11-12 19:28 602112 ----a-w- c:\program files\ViStart\ViStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
2007-04-25 17:45 956928 ----a-w- c:\program files\VisualTooltip\VisualToolTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\fefemama\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\fefemama\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/9/2010 6:55 AM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/9/2010 6:56 AM 112592]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [12/29/2008 6:41 PM 185183]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/3/2008 3:33 PM 639224]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [11/25/2008 7:04 PM 105472]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/9/2010 6:55 AM 366840]
--- Other Services/Drivers In Memory ---
*Deregistered* - pgfilter
.
Contents of the 'Scheduled Tasks' folder
2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-1801674531-1003Core.job
- c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-07 06:11]
2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-1801674531-1003UA.job
- c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-07 06:11]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\fefemama\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\fefemama\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\fefemama\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-26 14:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\cscui.dll
.
Completion time: 2010-07-26 14:24:46
ComboFix-quarantined-files.txt 2010-07-26 21:24
ComboFix2.txt 2010-07-26 00:42
Pre-Run: 2,484,989,952 bytes free
Post-Run: 2,459,267,072 bytes free
- - End Of File - - E1CD753FE8D7E514A495B1A7BC92E980
Looks good
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
=========================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Whoops! Didn't see that part. Here you are.
OTL logfile created on: 7/28/2010 11:47:23 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\fefemama\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 2.25 Gb Free Space | 12.09% Space Free | Partition Type: NTFS
Drive D: | 18.63 Gb Total Space | 3.00 Gb Free Space | 16.12% Space Free | Partition Type: NTFS
Drive E: | 18.63 Gb Total Space | 9.75 Gb Free Space | 52.32% Space Free | Partition Type: NTFS
Drive F: | 20.44 Gb Total Space | 4.61 Gb Free Space | 22.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PEPESCARPET
Current User Name: fefemama
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/28 23:33:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fefemama\Desktop\OTL.exe
PRC - [2010/01/22 0924 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/21 21:41:32 | 002,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/08/21 21:41:32 | 000,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/13 20:39:20 | 000,049,152 | ---- | M] (artArmin) -- C:\Program Files\Vista Drive Icon\DrvIcon.exe
PRC - [2007/07/22 05:08:28 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/26 10:02:00 | 000,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0330Mon.exe
PRC - [2005/10/26 0050 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2005/09/18 19:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2003/08/28 09:45:38 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
========== Modules (SafeList) ==========
MOD - [2010/07/28 23:33:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fefemama\Desktop\OTL.exe
MOD - [2007/07/22 04:57:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/08/28 09:45:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
========== Win32 Services (SafeList) ==========
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 0924 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2008/08/21 21:41:32 | 002,405,776 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/03/14 20:31:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/10/26 0050 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\fefemama\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/08/21 21:41:40 | 000,353,680 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/21 08:19:58 | 000,051,648 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/03/03 15:33:14 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/20 00:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/07/22 05:14:09 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2007/04/09 0922 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/27 22:04:18 | 000,185,183 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0330Vid.sys -- (V0330VID)
DRV - [2005/10/25 23:12:06 | 000,105,472 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2005/09/27 09:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/09/18 19:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/15 02:53:20 | 000,186,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2003/09/19 02:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/08/28 09:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2003/08/28 09:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003/08/28 09:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2003/08/28 09:24:06 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/28 09:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/08/28 09:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/17 05:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 05:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 05:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 05:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - HKLM\software\mozilla\Firefox\Extensions\\{5F721A0D-808A-4E22-9A58-FEBBF224EB17}: C:\Documents and Settings\fefemama\Local Settings\Application Data\{5F721A0D-808A-4E22-9A58-FEBBF224EB17}
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 19:20:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/20 19:16:47 | 000,000,000 | ---D | M]
[2009/01/20 02:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Extensions
[2010/07/28 23:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\extensions
[2008/02/11 2223 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
[2008/02/11 21:18:39 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2008/08/14 22:22:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/07/17 22:08:22 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\searchplugins\facebook.xml
[2008/08/17 18:29:37 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\fefemama\Application Data\Mozilla\Firefox\Profiles\g8bi8ed7.default\searchplugins\wikipedia-en.xml
[2010/07/28 23:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/07/26 14:19:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10...I.cab55579.cab (StagingUI Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10...t.cab55579.cab (ZonePAChat Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames...e.cab75406.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10...y.cab55579.cab (MSN Games – Game Communicator)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\fefemama\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\fefemama\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/11 18:02:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI1 - C:\WINDOWS\System32\Diomidi.DLL (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\Digi32.dll (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/28 23:33:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fefemama\Desktop\OTL.exe
[2010/07/28 14:42:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/27 00:39:47 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/25 1752 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/25 17:20:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/24 15:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\My Documents\EA Games
[2010/07/24 13:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Desktop\dubstep
[2010/07/17 20:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Application Data\Toribash
[2010/07/14 23:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/14 03:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/13 01:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/12 17:20:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fefemama\Recent
[2010/07/12 17:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/07/12 17:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Application Data\Yahoo!
[2010/07/12 17:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/07/12 15:22:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/10 21:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Desktop\New Folder (3)
[2010/07/10 10:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Desktop\Spyware Doctor v7.0.0.545 + New-Serial -TrT
[2010/07/09 0641 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/07/09 0640 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/07/09 0640 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/07/09 06:55:36 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/07/09 06:55:21 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/07/09 06:55:21 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/07/09 06:55:12 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/07/09 06:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/07/09 06:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/07/09 06:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Application Data\PC Tools
[2010/07/09 06:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/07/09 06:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/07/09 06:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/09 03:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Application Data\Malwarebytes
[2010/07/09 03:42:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/09 03:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/09 03:42:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/09 03:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/09 03:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Desktop\New Folder
[2010/07/09 03:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/13 23:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fefemama\Desktop\New Folder (2)
[2010/03/13 01:32:51 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/28 23:47:10 | 003,375,093 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000002-80271102}.CDF
[2010/07/28 23:33:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fefemama\Desktop\OTL.exe
[2010/07/28 23:19:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-1801674531-1003UA.job
[2010/07/28 22:29:44 | 000,183,555 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/28 21:45:58 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\fefemama\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 21:41:07 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\fefemama\NTUSER.DAT
[2010/07/28 21:37:47 | 000,352,606 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/28 21:37:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 21:37:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 21:36:36 | 000,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000002-80271102}.rfx
[2010/07/28 21:36:36 | 000,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000002-80271102}.rfx
[2010/07/28 21:36:36 | 000,016,784 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000002-80271102}.rfx
[2010/07/28 21:36:36 | 000,016,784 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000002-80271102}.rfx
[2010/07/28 21:36:36 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/07/28 21:36:36 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/07/28 21:36:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000004-00001102-00000002-80271102}.dat
[2010/07/28 21:36:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000002-80271102}.dat
[2010/07/28 21:36:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\fefemama\ntuser.ini
[2010/07/28 21:34:43 | 003,375,093 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000002-80271102}.BAK
[2010/07/28 20:19:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-725345543-1801674531-1003Core.job
[2010/07/28 19:04:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/27 03:06:00 | 002,640,426 | -H-- | M] () -- C:\Documents and Settings\fefemama\Local Settings\Application Data\IconCache.db
[2010/07/27 00:40:47 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\fefemama\.recently-used.xbel
[2010/07/26 22:47:41 | 000,032,849 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\GRADUATION SCRIPT2.docx
[2010/07/26 14:20:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/26 14:19:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/25 1756 | 000,000,391 | RHS- | M] () -- C:\boot.ini
[2010/07/25 10:22:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\dp4zhxem.exe
[2010/07/25 02:04:48 | 077,670,435 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\kidssoundtrack.zip
[2010/07/24 15:09:56 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\Razor.lnk
[2010/07/24 15:09:41 | 000,810,326 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\Razor_Latest.exe
[2010/07/24 15:06:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\Ultima Online Stygian Abyss Classic.lnk
[2010/07/24 14:55:32 | 927,333,126 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\UOSAClassic_7_0_3_0.exe
[2010/07/22 22:01:01 | 001,987,450 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\harold.gif
[2010/07/20 14:25:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/14 03:07:35 | 000,000,591 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/14 03:07:35 | 000,000,321 | ---- | M] () -- C:\Boot.bak
[2010/07/12 17:18:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\CCleaner.lnk
[2010/07/12 15:51:44 | 000,001,184 | RHS- | M] () -- C:\Documents and Settings\fefemama\ntuser.pol
[2010/07/10 10:53:24 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/10 10:16:47 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/09 03:43:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/09 02:50:45 | 000,000,125 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/02 20:30:27 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\fefemama\Desktop\Shortcut to LFS.exe.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/27 00:40:47 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\fefemama\.recently-used.xbel
[2010/07/26 22:47:40 | 000,032,849 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\GRADUATION SCRIPT2.docx
[2010/07/25 1756 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2010/07/25 1753 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/25 10:22:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\dp4zhxem.exe
[2010/07/25 02:00:40 | 077,670,435 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\kidssoundtrack.zip
[2010/07/24 15:09:56 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\Razor.lnk
[2010/07/24 15:09:40 | 000,810,326 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\Razor_Latest.exe
[2010/07/24 15:06:49 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\Ultima Online Stygian Abyss Classic.lnk
[2010/07/24 14:45:41 | 927,333,126 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\UOSAClassic_7_0_3_0.exe
[2010/07/22 21:59:53 | 001,987,450 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\harold.gif
[2010/07/20 14:25:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/13 01:39:03 | 003,375,093 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000004-00001102-00000002-80271102}.BAK
[2010/07/12 15:24:09 | 000,001,184 | RHS- | C] () -- C:\Documents and Settings\fefemama\ntuser.pol
[2010/07/10 10:53:24 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/07/10 10:16:45 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/09 0641 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/07/09 0641 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/07/09 0641 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/07/09 0641 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/07/09 0640 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/07/09 06:55:36 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/07/09 06:55:21 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/07/09 06:55:21 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/07/09 06:55:12 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/07/09 06:48:09 | 000,005,120 | -HS- | C] () -- C:\Documents and Settings\fefemama\Thumbs.db
[2010/07/09 03:43:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/09 02:50:45 | 000,000,125 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/02 20:30:31 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\fefemama\Desktop\Shortcut to LFS.exe.lnk
[2010/03/13 01:32:56 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010/03/13 01:32:56 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/06/12 14:32:43 | 000,000,600 | ---- | C] () -- C:\WINDOWS\dmw.ini
[2008/09/20 00:30:43 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\RashProp.dll
[2008/09/20 00:30:42 | 000,132,096 | ---- | C] () -- C:\WINDOWS\System32\RashIcon.dll
[2008/02/11 21:15:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/02/11 20:12:08 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/02/11 20:12:07 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/02/11 20:11:42 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/02/11 20:11:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/12/05 02:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
========== LOP Check ==========
[2008/05/22 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/04/14 16:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/03/16 16:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/04/14 18:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2008/11/25 19:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/07/28 21:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/25 19:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/07/28 23:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\.purple
[2010/01/15 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\BSplayer
[2008/05/03 22:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\BSplayer Pro
[2009/10/12 21:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\Canon
[2010/07/28 23:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\foobar2000
[2010/07/26 22:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\gtk-2.0
[2008/05/06 21:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\MailFrontier
[2010/04/18 2144 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\ManyCam
[2008/11/25 19:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\PACE Anti-Piracy
[2008/02/11 20:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\Styler
[2010/07/24 20:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\uTorrent
[2009/01/18 01:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fefemama\Application Data\ViStart
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/12/31 10:45:26 | 000,064,856 | ---- | M] () -- C:\84_rock.ttf
[2008/02/11 18:02:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/14 03:07:35 | 000,000,321 | ---- | M] () -- C:\Boot.bak
[2010/07/25 1756 | 000,000,391 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/26 14:24:48 | 000,015,812 | ---- | M] () -- C:\ComboFix.txt
[2008/11/16 00:31:28 | 000,608,448 | ---- | M] (Microsoft Corporation) -- C:\COMCTL32.OCX
[2008/11/16 00:31:36 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\COMDLG32.OCX
[2008/02/11 18:02:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/02/11 18:02:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/03/05 15:36:26 | 000,081,212 | ---- | M] () -- C:\Marcsc___.ttf
[2007/02/09 11:14:20 | 000,115,308 | ---- | M] () -- C:\MARCS___.ttf
[2008/02/11 18:02:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2004/10/20 17:02:02 | 000,041,416 | ---- | M] () -- C:\OptimusPrinceps.ttf
[2004/10/20 17:01:52 | 000,057,296 | ---- | M] () -- C:\OptimusPrincepsSemiBold.ttf
[2010/07/28 21:37:25 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2003/02/09 00:50:06 | 000,059,852 | ---- | M] () -- C:\PARTYBALLOONS.TTF
[2007/08/25 11:54:36 | 000,074,632 | ---- | M] () -- C:\PartybyTom.TTF
[2009/03/14 16:31:26 | 000,002,541 | ---- | M] () -- C:\rollback.ini
[2008/06/05 13:22:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/06/06 12:52:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/06/07 13:11:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/06/08 12:52:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/06/09 14:08:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/06/05 13:22:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/06 12:52:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/06/07 13:11:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/06/08 12:52:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/06/09 14:08:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/23 16:45:44 | 000,001,978 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_23.07.2010_16.45.17_log.txt
[2010/07/23 16:46:55 | 000,042,168 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_23.07.2010_16.46.18_log.txt
[2008/02/11 21:01:55 | 000,000,912 | ---- | M] () -- C:\zap.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/01/17 13:19:16 | 001,572,864 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/17 21:00:08 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/01/17 13:19:16 | 024,903,680 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/17 13:19:16 | 005,767,168 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2007/07/22 04:57:24 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0v3CFJZjj >
Invalid Switch: 68879-active-google-redirecting-again-2.html#ixzz0v3CFJZjj
========== Alternate Data Streams ==========
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
OTL Extras logfile created on: 7/28/2010 11:47:23 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\fefemama\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 2.25 Gb Free Space | 12.09% Space Free | Partition Type: NTFS
Drive D: | 18.63 Gb Total Space | 3.00 Gb Free Space | 16.12% Space Free | Partition Type: NTFS
Drive E: | 18.63 Gb Total Space | 9.75 Gb Free Space | 52.32% Space Free | Partition Type: NTFS
Drive F: | 20.44 Gb Total Space | 4.61 Gb Free Space | 22.55% Space Free | Partition Type: NTFS
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PEPESCARPET
Current User Name: fefemama
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\fefemama\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\fefemama\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\fefemama\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\fefemama\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A7B28CF-6BE3-11D6-A285-00A0CC51B2FE}" = Sound Blaster Live! Web 2K/XP
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}" = InterLok Driver Kit
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 7.0
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Audacity_is1" = Audacity 1.2.6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat Driver (1.02.02.00)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Vista User's Guide English" = Creative WebCam Vista User's Guide (English)
"DDXL" = DDXL
"DiskPatch_is1" = DIY DataRecovery DiskPatch 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v0.9.6
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"LastFM_is1" = Last.fm 1.4.2.59470
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"RoadRash" = RoadRash
"Spyware Doctor" = Spyware Doctor 7.0
"SysInfo" = Creative System Information
"Trials 2 SE" = Trials 2 Second Edition
"Ultima Online Stygian Abyss Classic" = Ultima Online Stygian Abyss Classic
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm Pro" = ZoneAlarm Pro
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/23/2010 3:10:42 AM | Computer Name = PEPESCARPET | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 7/23/2010 3:10:43 AM | Computer Name = PEPESCARPET | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/23/2010 3:10:43 AM | Computer Name = PEPESCARPET | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 7/23/2010 3:10:46 AM | Computer Name = PEPESCARPET | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 7/23/2010 5:24:00 AM | Computer Name = PEPESCARPET | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 7/25/2010 1:20:47 AM | Computer Name = PEPESCARPET | Source = Application Error | ID = 1000
Description = Faulting application lfs.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00010f2b.
Error - 7/25/2010 1:25:52 AM | Computer Name = PEPESCARPET | Source = Application Error | ID = 1000
Description = Faulting application lfs.exe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.2180, fault address 0x00011c20.
Error - 7/25/2010 315 AM | Computer Name = PEPESCARPET | Source = Google Update | ID = 20
Description =
Error - 7/28/2010 614 PM | Computer Name = PEPESCARPET | Source = Google Update | ID = 20
Description =
Error - 7/29/2010 12:19:05 AM | Computer Name = PEPESCARPET | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 7/28/2010 6:00:17 PM | Computer Name = PEPESCARPET | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TRISTAN-NCMIR that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{D5E205E2-290D-. The master browser is stopping or an election is being
forced.
Error - 7/28/2010 9:35:05 PM | Computer Name = PEPESCARPET | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 7/28/2010 9:35:06 PM | Computer Name = PEPESCARPET | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
Error - 7/28/2010 9:35:22 PM | Computer Name = PEPESCARPET | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 7/28/2010 9:38:02 PM | Computer Name = PEPESCARPET | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 7/28/2010 9:38:03 PM | Computer Name = PEPESCARPET | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
Error - 7/28/2010 9:38:19 PM | Computer Name = PEPESCARPET | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 7/29/2010 12:38:04 AM | Computer Name = PEPESCARPET | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 7/29/2010 12:38:06 AM | Computer Name = PEPESCARPET | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 7/29/2010 12:38:10 AM | Computer Name = PEPESCARPET | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
< End of report >
You're running low on C drive free space:
===============================================================
Drive C: | 18.63 Gb Total Space | 2.25 Gb Free Space | 12.09% Space Free
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F4D76F09-7896-458A-890F-E1F05C46069F} - No CLSID value found.
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
:Services
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" =-
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.