sarasara

  1. Hi Starbuck, Just finished all that and my PC is rip-roaring again. Now I just have to be careful to keep it that way. You've been really great, Thanks very much indeed, regards, sara
  2. Hi Starbuck, I had a lightning strike yesterday which blew my modem and had to call out a PC engineer. He has sorted out the problems and believes a trojan caused the task manager/msconfig issues. He was unable to ascertain if the trojan is still present in some form given all the tests already run. So looks like all is well again. Thanks very much for all your help which I greatly appreciated. sara :)
  3. Hi Starbuck, It came with XP pre-installed but a PC engineer who was out on a call installed Windows 7 on the free drive in the hope of getting me up to date but it has never been used. So I presume XP is on C? I had to 'Configure Your Computer to Boot from CD' and I assigned it to C. Now that is a difficult one to work out as I got it built to order from a company that makes gaming computers called Beast: http://www.beastcomputers.co.uk/index.php and all I can see is that the case is made by Hiper. If there is any way I can locate further info please advise. I no longer have the original documentation as I bought it on 09/01/09, but I can't remember any other name apart from 'Beast' being listed. I only have the purchase agreement from the loan company which lists no details. Thanks again, sara
  4. Hi Starbuck, MS Windows XP Professional ed Version 2002 SP3 Intel core 2 duo CPU E8400@300GHz 3.00 GHz, 3.oo, GB Physical Address Extension XP is installed on C drive and Windows 7 (which I have never accessed as I prefer XP) on D drive.
  5. Hi Starbuck, Made progress in assigning the CD drive and then started. Firstly it appears that there are a number of differing menus that can appear with different makes of PCs so I am not seeing exactly what the instructions are showing. I got to the point where it asked me to select the hard drive and it gave me the options: 1: C 2: D Press ENTER to esc. I tried using the up down arrows to select C but no joy so I typed 1 but no response so I pressed ENTER and accessed the exit menu. So grateful if you might advise. Thanks, sara :)
  6. Thank you so much Starbuck. I'll run it tomorrow :) and I'll update.
  7. Thanks Starbuck, Can I ask one question before I start? It looks fairly technical so I will do my best to get it right but what must I do to ensure I don't lose any files or programmes? Do I have to buy a memory stick or CDs? Or does the installation either safely bypass or save data?
  8. Hi Starbuck, Nope, that problem still exists (just re-tested). And I only get the bottom of Task Manager showing. :)
  9. Hi Starbuck, I ran that scan twice and a window appeared with a blue bar filling, on both occasions when the box had filled the program just shut down, it gave me no feedback. Thanks again, sara :)
  10. Hi Starbuck, received the correct XP discs and will await your instructions before loading. Thanks, sara :)
  11. Hi Starbuck, Just received the software. It is for Dell computers only, something the vendor forgot to point out. So I will come back again and order another from elsewhere. Youtube problem was internal youtube bug....I hope. sara :)
  12. Thanks Starbuck for all your assistance so far. If it's ok could you keep the thread open and after the software arrives I'll come back? :)
  13. Hi Starbuck, What if I were to buy the software? I can try for it on amazon or ebay. Thanks, sara :)
  14. Hi Starbuck, Youtube sound has gone again about an hour ago :confused: Report: OTL logfile created on: 20/04/2011 18:04:53 - Run 2 OTL by OldTimer - Version 3.2.22.3
[2011/04/20 12:16:27 | 016,504,881 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TRUMP PALIN 2012.flv [2011/04/20 11:08:16 | 000,009,298 | ---- | C] () -- C:\Documents and Settings\User\My Documents\DHL E-Returns (Confirmation).htm [2011/04/20 10:38:38 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Amazon.co.uk - Returns Support Centre.url [2011/04/19 22:44:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/04/19 22:44:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/04/19 22:44:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/04/19 22:44:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/04/19 22:44:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/04/19 22:32:18 | 004,324,798 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ComboFix.exe.dap [2011/04/19 21:58:21 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Computer Support Forums - FreePCHelp.co.uk.url [2011/04/19 18:13:07 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Who is our Enemy.url [2011/04/19 16:54:47 | 004,324,798 | R--- | C] () -- C:\Documents and Settings\User\My Documents\Combo-Fix.exe [2011/04/19 13:49:40 | 008,937,635 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Allen West Whacks CAIR.flv [2011/04/19 12:08:02 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2011/04/18 19:48:46 | 005,572,722 | ---- | C] () -- C:\Documents and Settings\User\My Documents\From The Desk Of Donald Trump 4 18 11.avi [2011/04/18 19:46:24 | 006,324,309 | ---- | C] () -- C:\Documents and Settings\User\My Documents\From The Desk Of Donald Trump 4 18 11.flv [2011/04/18 14:21:34 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\User\Desktop\123mail.org.url [2011/04/16 20:42:00 | 005,743,318 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama 
Training Al Qaeda In Libya.avi [2011/04/15 21:45:06 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Presidential Job Approval Center.url [2011/04/14 18:38:26 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer Support Forums - FreePCHelp.co.uk.url [2011/04/14 18:37:43 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet 2 Mins.url [2011/04/14 00:09:32 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Day Of Silence 2011.url [2011/04/12 22:06:51 | 013,612,043 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump America Has Never Been So Low.flv [2011/04/10 23:33:41 | 001,662,744 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.avi [2011/04/10 23:30:39 | 001,437,010 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.flv [2011/04/10 20:04:47 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - From Arizona Western Fashion 1950's (2).url [2011/04/10 17:26:49 | 028,063,197 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN_0001.wmv [2011/04/10 17:23:28 | 028,063,197 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN.wmv [2011/04/09 20:51:11 | 007,812,812 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.avi [2011/04/09 20:43:37 | 009,526,465 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.flv [2011/04/09 12:59:38 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Buy Natures Best Vitamin B3 (Niacin) 250mg from Natures Best.url [2011/04/08 23:39:37 | 013,179,592 | ---- | C] () -- C:\Documents and Settings\User\My Documents\dap96upg.exe [2011/04/08 22:34:33 | 862,688,736 | ---- | C] () -- 
C:\Documents and Settings\User\My Documents\BlackMirrorIII-DEMO_en.exe.dap [2011/04/08 15:46:53 | 036,317,780 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.avi [2011/04/08 12:48:11 | 026,107,199 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.flv [2011/04/07 21:33:44 | 034,395,498 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.avi [2011/04/07 20:58:38 | 024,011,538 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.flv [2011/04/07 13:25:11 | 098,232,028 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..avi [2011/04/07 13:19:10 | 094,871,351 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..flv [2011/04/06 22:19:42 | 002,796,296 | ---- | C] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA_xvid.avi [2011/04/06 22:16:01 | 005,771,142 | ---- | C] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA.flv [2011/04/05 23:17:52 | 050,597,560 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.avi [2011/04/05 22:59:46 | 077,343,310 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump I'll Save The Economy.avi [2011/04/05 21:12:12 | 024,853,090 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.flv [2011/04/05 18:11:17 | 112,503,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.avi [2011/04/03 20:58:58 | 006,201,531 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.flv [2011/04/02 14:08:07 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Conservative News, Views & Books - HUMAN EVENTS.url [2011/04/01 20:54:31 | 004,254,288 | ---- 
| C] () -- C:\Documents and Settings\User\My Documents\American Songspace SoulSpeak Publishing LLC..mp3 [2011/04/01 20:00:17 | 141,598,029 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.flv [2011/04/01 15:06:20 | 027,691,266 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.avi [2011/04/01 15:02:24 | 025,972,649 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.flv [2011/04/01 14:11:24 | 006,331,196 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama 2012 Change We Are Thriving On.flv [2011/03/30 21:29:56 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\User\Desktop\American Songspace SoulSpeak Publishing LLC..url [2011/03/30 19:17:46 | 058,406,226 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump dirverts from the script - Libya, Birther and Presidential Bid.avi [2011/03/30 18:24:21 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Chernobyl Demo.lnk [2011/03/30 10:53:10 | 012,788,954 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama's Fake Family Photo_xvid.avi [2011/03/29 22:03:07 | 002,137,762 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron Syria No Fly Zone.avi [2011/03/29 21:59:21 | 003,263,220 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Prime Minister David Cameron 'This Is Not About Libyan Oil'.flv [2011/03/29 18:40:09 | 006,298,356 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron 'Better days ahead for Libya'_xvid.avi [2011/03/29 18:21:40 | 009,997,336 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron 'Ivory Coast Needs Our Help'.flv [2011/03/29 16:23:22 | 020,603,566 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Antifa Fad - Radicals for The Establishment_xvid.avi [2011/03/29 14:59:06 | 020,678,028 | ---- | C] () -- 
C:\Documents and Settings\User\My Documents\Michael Savage Shouts Over Obama's Libya Speech_xvid.avi [2011/03/29 13:57:29 | 016,289,269 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron Syria, Turkey, Iran Are Innocent.flv [2011/03/28 18:56:15 | 061,445,106 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Next Us President. DONALD TRUMP_xvid.avi [2011/03/28 13:15:05 | 008,835,898 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Lied Libyans Died.avi [2011/03/26 19:51:30 | 026,568,950 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London)_xvid.avi [2011/03/26 19:34:49 | 019,486,349 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London).flv [2011/03/26 15:28:37 | 008,992,928 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2012 Enter The Donald.flv [2011/03/26 00:39:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Free FLV Converter.lnk [2011/03/25 22:52:00 | 1902,021,466 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.zip.dap [2011/03/25 00:09:56 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - ONCE UPON A HONEYMOON 1956 BELL SYSTEM.url [2011/03/24 23:34:41 | 008,524,519 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Libya Should Attack UK And US.flv [2011/03/23 22:47:30 | 019,800,764 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYA ~ FULL VERSION OF GADDAFI's LATEST SPEACH ON LIBIAN TV_xvid.avi [2011/03/22 19:17:57 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GadaffiAdmitsPoliticalAsylumisaHoax.html [2011/03/22 18:58:42 | 001,478,110 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Gadaffi Admits Political Asylum is a Hoax.flv [2011/03/22 13:34:30 | 000,000,692 | ---- | C] () -- C:\Documents and 
Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk [2011/03/06 14:47:18 | 000,067,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/03/03 01:21:51 | 000,306,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/02/18 14:15:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011/01/31 21:43:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat [2011/01/18 19:23:18 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI [2010/12/30 13:50:59 | 000,018,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\evdd.sys [2010/12/30 00:40:50 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010/12/02 13:59:52 | 000,073,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdisk.sys [2010/12/02 13:59:38 | 000,428,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBVD.sys [2010/12/02 13:59:32 | 000,573,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdbus.sys [2010/09/27 14:29:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010/09/27 14:29:39 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010/09/27 14:29:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010/09/20 16:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCPDRV.SYS [2010/09/20 16:28:50 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys [2010/06/04 18:54:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini [2010/05/24 19:54:01 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010/05/16 19:18:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010/04/29 20:27:14 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/29 12:34:51 | 000,000,258 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2010/04/24 12:03:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010/04/16 17:39:11 | 
000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010/04/13 18:10:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/13 17:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/04/13 17:50:08 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/13 17:25:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/13 17:25:12 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010/04/13 17:10:47 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll [2010/04/13 17:10:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll [2010/04/13 17:10:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll [2010/04/13 17:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/04/13 16:58:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/14 06:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008/04/14 06:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008/04/14 06:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008/04/14 06:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008/04/14 06:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/12/19 07:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2006/12/12 10:46:52 | 000,037,888 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2006/12/12 10:39:02 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2006/12/12 10:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat [2006/12/12 10:36:32 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe 
[2006/12/12 10:36:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT [2006/12/12 10:34:30 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT [2006/12/12 10:34:22 | 000,240,568 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT [2006/12/12 10:34:22 | 000,114,908 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2006/12/12 10:34:06 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2006/12/12 10:34:06 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2006/12/12 10:34:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE [2006/11/30 08:01:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/05/18 07:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/08/23 13:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/23 13:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1997/08/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997/08/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Custom Scans ========== < MD5 for: SFCFILES.DLL > [2010/04/13 13:08:21 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=F49C5C12A14F20A45F61977CF384B7FC -- C:\WINDOWS\system32\sfcfiles.dll < > 
========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF < End of report > Thanks, sara :)
  15. Hi Starbuck, Got it this time. I went to control panel and uninstalled DAP then downloaded again. All went well with the bonus of sound being back in youtube and here is the report: