Posted

Hi Techs,

 

Three problems. I find my XP takes 2 mins approx. to load the internet at startup. I have Comodo AV. This is a recent problem and I can't think what the cause could be.

 

The other thing is that the taskbox seems to have been corrupted so that when I bring it up ctrl-alt-del I just get a blank pane with only a list of windows open but no menus and I can only switch it off by right-clicking its green icon in the bottom right-hand corner by the clock, it still works to shut-down progs but tells me nothing.

 

Thirdly, 'msconfig' cannot be located in 'run.'

 

PC is in very healthy state, CCleaner, Malwarebytes, registry error fix, de-frag etc carried out most days before shutdown.

Grateful for your advice on this.

sara :)

Posted

Hi Sara,

 

PC is in very healthy state, CCleaner, Malwarebytes, registry error fix, de-frag etc carried out most days before shutdown.

Please stop using Registry fixing software.... you'll cause yourself more problems than the software will cure.

Defrag doesn't need to be run on such a regular basis.

Once a month at most will do.

 

taskbox seems to have been corrupted so that when I bring it up ctrl-alt-del I just get a blank pane with only a list of windows open but no menus and I can only switch it off by right-clicking its green icon in the bottom right-hand corner by the clock, it still works to shut-down progs but tells me nothing.

Is it just the menu bar and page tabs missing?

 

Are you sure you haven't turned on 'Tiny Footprint' mode by mistake:

 

Task Manager can run in a small footprint mode, which removes the menu bar and the page tabs.

 

To enable tiny footprint mode, double-click in the border around the tabs. To switch back, double-click the border area again.

 

Thirdly, 'msconfig' cannot be located in 'run.'

If you type msconfig into the run box and click OK.... do you get any message come up? Exactly what does it say?

 

PC is in very healthy state

Sorry, but it doesn't seem that way.

Member of:

UNITE

Posted

Firstly Starbuck thank you very much for your kind assistance.

 

Hi Sara,

 

 

Please stop using Registry fixing software.... you'll cause yourself more problems than the software will cure.

Defrag doesn't need to be run on such a regular basis.

Once a month at most will do.

 

It was running fine Starbuck until I ticked a box I should not have ticked and now I am not sure which one it was. If I give up the software what would be the consequences as registry errors build up?

 

 

Is it just the menu bar and page tabs missing?

Are you sure you haven't turned on 'Tiny Footprint' mode by mistake:

To enable tiny footprint mode, double-click in the border around the tabs. To switch back, double-click the border area again.

 

Now before I do that I must correct my question. When I said taskbar I should have said Task Manager, it is task manager I am having the problem with, all I have is a blank pane with the current webpages listed but no menus and no ability to click it closed. So I will wait for you to come back on that.

 

If you type msconfig into the run box and click OK.... do you get any message come up? Exactly what does it say?

 

It says windows cannot find MSCONFIG.

 

Sorry, but it doesn't seem that way.

 

Then I'm glad I asked you,

thanks,

sara :)

Posted

Hi Sara

 

If I give up the software what would be the consequences as registry errors build up?

Windows is quite resilient to registry errors.

Most will cause no problems at all.

A lot of problems are caused by software writers not writing code correctly.

Sometimes an entry will be placed in an incorrect position within the registry.... everything will still work correctly, but some registry software may think something is wrong and remove the entry..... resulting in the program then not working correctly.

 

all I have is a blank pane with the current webpages listed but no menus and no ability to click it closed. So I will wait for you to come back on that.

Give my suggestion a try, you'll soon know if that is the answer.

It won't cause any problems with your system.

 

It says windows cannot find MSCONFIG.

Maybe something is either missing or corrupt within the registry.

Do you have the XP installation disc?

 

This may help............

You don't always need the installation disc

 

Try running the System File Checker (SFC) to scan all protected files to verify their versions. If SFC discovers that a critical system file has been damaged, altered or missing, it restores the correct version of the file from the cache folder.

You must be logged on as an administrator or as a member of the Administrators group to run sfc and it may ask you to insert your XP Installation CD ..so have it available.

 

Use Task Manager ... New Task... and type: sfc /scannow

or

Click Start >> Run >> and type: sfc /scannow then click OK

 

Make sure that you include a space between the c and /.

This command will initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files.

 

Note:

Running the System File Checker won't interfere with any of your saved documents.

Member of:

UNITE

Posted

Hi Starbuck,

 

Maybe something is either missing or corrupt within the registry.

Do you have the XP installation disc?

No, XP was pre-installed without a disc. To complicate matters a pc engineer who is no longer contactable upgraded it to XP professional from a disc he had so I suppose I would have to buy the software? I tried to run the program but it asked for the disc.

Posted

Hi Sara

 

To complicate matters a pc engineer who is no longer contactable upgraded it to XP professional from a disc he had so I suppose I would have to buy the software?

So we're not actually sure that the OS is legal then?

 

Maybe we should find out?

 

Please download this tool from Microsoft.

 

1. Double click on MGADiag.exe to run it.

2. Click Continue.

3. The program will run. It takes a while to finish the diagnosis, please be patient.

4. Once done, click on Copy.

5. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Member of:

UNITE

Posted

Hi Starbuck,

I ran the tool and glad to say I got 'genuine.' Now as to 'Tiny Footprint' I'm not sure what the taskbar is so don't know where to click,

thanks,

sara.

Posted

Hi Sara,

 

I ran the tool and glad to say I got 'genuine.'
http://fc07.deviantart.net/images3/i/2004/146/9/1/Two_thumbs_up.gif

 

Now as to 'Tiny Footprint' I'm not sure what the taskbar is so don't know where to click,

If Taskmanager looks like this:

http://img.photobucket.com/albums/v708/starbuck50/taskm.png

 

Double click where the arrow is pointing.... in the outer area.

it should now look like this:

 

http://img.photobucket.com/albums/v708/starbuck50/taskm2.png

Member of:

UNITE

Posted

Hi Starbuck,

Although the PC seems to be functioning perfectly there must be a developing problem. When I pressed Ctrl-alt-delete only the bottom of the task manager appeared, i.e. the end program etc menu. Now yesterday the whole box appeared but that menu was blank. I tried a restart and I have the same problem again. btw, it did not show the info at the bottom about CPU usage/commit charge, just end task-switch-to-new task.

Very strange,

sara:confused:

Posted

Let's see if we can get a better look at what's going on.

 

  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.
     
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png


    Now copy the lines in bold below.
     
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
     
     
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Member of:

UNITE
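An added sketch (not part of the original thread, and not OldTimer's code) of how the one-record-per-line format that OTL writes to OTL.Txt can be triaged mechanically before a helper reads it in full. The `triage` function, its rule names, the watched preference keys and the sample lines are all constructed for illustration; reading empty parentheses as "no company name recorded for the file" is an assumption about the log format.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the line format of OTL.Txt (not taken from a real scan).
SAMPLE_LOG = r'''
PRC - C:\Program Files\ExampleAV\agent.exe (Example Security Ltd)
PRC - C:\Program Files\ExampleTool\helper.exe ()
SRV - (ExampleUpdater) -- File not found
SRV - (ExampleAgent) -- C:\Program Files\ExampleAV\agent.exe (Example Security Ltd)
DRV - (exdrv) -- C:\WINDOWS\system32\drivers\exdrv.sys ()
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\ExampleAV\tray.exe (Example Security Ltd)
O4 - HKCU..\Run: [dlm] C:\Program Files\ExampleDL\dlm.exe ()
FF - prefs.js..browser.startup.homepage: "http://start.example.invalid/?cfg=1"
FF - prefs.js..keyword.URL: "http://start.example.invalid/s/?q="
FF - prefs.js..browser.search.selectedEngine: "Example"
NetSvcs: ExampleSvc - File not found
Error starting restore point: System Restore is disabled.
'''

# "<drive path ending in an extension> (<company>)" at the end of a record.
# The company part may itself contain parentheses, so it is matched greedily.
FILE_RE = re.compile(r'(?P<path>[A-Za-z]:\\.+?\.\w{2,4}) \((?P<company>.*)\)$')
# Firefox preference records: FF - prefs.js..<key>: "<value>"
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<value>.*)"$')
# Service, driver or NetSvcs name at the start of a record.
NAME_RE = re.compile(r'^(?:SRV|DRV) - \((?P<name>[^)]*)\)|^NetSvcs: (?P<net>\S+)')

# Preferences that decide where the browser sends the user (assumed watch list).
WATCHED_PREFS = {'browser.startup.homepage', 'keyword.URL'}


def triage(log_text, trusted_hosts=frozenset()):
    """Return a list of (rule, detail) tuples for records worth a closer look.

    Rules (illustrative, not OTL features):
      missing-file      service/driver registered but its file is not on disk
      no-company        running or auto-started file with an empty company field
      browser-override  homepage/search URL pointing at a host not in trusted_hosts
      restore-disabled  no restore point could be made before any fix
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(' ', 1)[0].rstrip(':')

        if kind in ('SRV', 'DRV', 'NetSvcs') and line.endswith('File not found'):
            m = NAME_RE.match(line)
            name = (m.group('name') or m.group('net')) if m else '?'
            findings.append(('missing-file', f'{kind} {name}'))
        elif kind in ('PRC', 'SRV', 'DRV', 'O4'):
            m = FILE_RE.search(line)
            if m and not m.group('company').strip():
                findings.append(('no-company', m.group('path')))
        elif kind == 'FF':
            m = PREF_RE.match(line)
            if m and m.group('key') in WATCHED_PREFS:
                host = urlparse(m.group('value')).hostname or ''
                if host and host not in trusted_hosts:
                    findings.append(
                        ('browser-override', f"{m.group('key')} -> {host}"))
        elif line.startswith('Error starting restore point') and 'disabled' in line:
            findings.append(('restore-disabled', line))
    return findings


if __name__ == '__main__':
    for rule, detail in triage(SAMPLE_LOG):
        print(f'{rule:17} {detail}')
```

A finding is only a pointer to a line that deserves reading: a missing file or an empty company field is common for legitimate leftovers from uninstalled software.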

Posted (edited)

Thanks Starbuck,

Here goes:

 

OTL logfile created on: 16/04/2011 16:16:12 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\My Documents

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 244.14 Gb Total Space | 203.56 Gb Free Space | 83.38% Space Free | Partition Type: NTFS

Drive D: | 221.61 Gb Total Space | 196.80 Gb Free Space | 88.81% Space Free | Partition Type: NTFS

Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\User\My Documents\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)

PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe ()

PRC - C:\Program Files\COMODO\COMODO BackUp\COSService.exe ()

PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)

PRC - C:\WINDOWS\system32\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\User\My Documents\OTL.scr (OldTimer Tools)

MOD - C:\WINDOWS\system32\guard32.dll (COMODO)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)

MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wscsvc) -- File not found

SRV - (HidServ) -- File not found

SRV - (Cleaner_Validator) -- File not found

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (SynchronizationService.exe) -- C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe ()

SRV - (COSService.exe) -- C:\Program Files\COMODO\COMODO BackUp\COSService.exe ()

SRV - (CPMService) -- C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)

DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)

DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)

DRV - (bdisk) -- C:\WINDOWS\system32\drivers\bdisk.sys ()

DRV - (CBUfs) -- C:\WINDOWS\system32\drivers\CBUFS.sys (COMODO Security Solutions Inc.)

DRV - (cbvd) -- C:\WINDOWS\system32\DRIVERS\cbvd.sys ()

DRV - (vdbus) -- C:\WINDOWS\system32\drivers\vdbus.sys ()

DRV - (reparse) -- C:\WINDOWS\system32\drivers\cbreparse.sys (Windows ® Win 7 DDK provider)

DRV - (cumon) -- C:\WINDOWS\system32\drivers\cumon.sys (Windows ® Win 7 DDK provider)

DRV - (Evdd) -- C:\WINDOWS\system32\drivers\evdd.sys ()

DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)

DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)

DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)

DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)

DRV - (Vcs) -- C:\WINDOWS\system32\drivers\Vcs.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 EC 86 52 3D 5E CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.hamsterstart.com/?cfg=2-475-0-0&engine_id=3&provider_id=3&product_id=475&country=GB"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8

FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://www.hamsterstart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-475-0-0&q="

 

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/16 15:01:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 15:01:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 23:52:15 | 000,000,000 | ---D | M]

 

[2010/04/12 02:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/04/13 17:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions

[2010/04/12 02:47:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/01/16 14:14:35 | 000,001,061 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\searchplugins\yahoo-zugo.xml

[2011/02/21 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/28 17:53:47 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

[2010/09/27 13:21:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/19 20:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/16 10:23:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/21 18:46:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/02/13 21:26:22 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

[2010/09/27 13:20:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/04/13 17:15:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2010/12/21 20:39:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)

O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271176277750 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/13 17:00:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/06/27 11:26:18 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2008/07/31 17:26:36 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

CREATERESTOREPOINT

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/04/16 16:07:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL.scr

[2011/04/16 11:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2011/04/16 11:25:30 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\My Documents\MGADiag.exe

[2011/04/14 20:15:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2011/03/30 18:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Chernobyl Demo

[2011/03/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Chernobyl Demo

[2011/03/27 00:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Help

[2011/03/26 00:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free FLV Converter

[2011/03/26 00:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter

[2006/12/12 10:47:24 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2006/12/12 10:34:02 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

[49 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/04/16 16:10:30 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2011/04/16 16:08:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job

[2011/04/16 16:08:30 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job

[2011/04/16 16:07:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL.scr

[2011/04/16 14:52:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/16 14:50:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/16 14:49:43 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx

[2011/04/16 14:49:43 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx

[2011/04/16 14:49:43 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx

[2011/04/16 14:49:43 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2011/04/16 14:49:43 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2011/04/16 14:16:14 | 003,842,048 | -H-- | M] () -- C:\ffastun0.ffx

[2011/04/16 14:16:14 | 000,516,096 | -H-- | M] () -- C:\ffastun.ffl

[2011/04/16 14:16:14 | 000,159,744 | -H-- | M] () -- C:\ffastun.ffo

[2011/04/16 14:16:14 | 000,004,460 | -H-- | M] () -- C:\ffastun.ffa

[2011/04/16 11:26:24 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\My Documents\MGADiag.exe

[2011/04/16 10:09:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job

[2011/04/15 21:45:06 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Presidential Job Approval Center.url

[2011/04/15 20:04:49 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microphone Flags Mic Flag Mic Windshields world's leading manufacturer..url

[2011/04/15 18:46:39 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Fifties - Petticoat Girl SYLVIA in Wettenberg 2010 - movie027.url

[2011/04/14 20:15:40 | 000,000,131 | ---- | M] () -- C:\WINDOWS\CRC.INI

[2011/04/14 19:40:47 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/14 19:05:47 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/14 19:05:47 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/14 18:38:26 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer Support Forums - FreePCHelp.co.uk.url

[2011/04/14 18:37:43 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet 2 Mins.url

[2011/04/14 17:53:51 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - petticoat musical.url

[2011/04/14 13:54:37 | 000,002,663 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Vision 10.lnk

[2011/04/14 13:42:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/14 00:09:32 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Day Of Silence 2011.url

[2011/04/12 22:26:27 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The British Freedom Party.url

[2011/04/12 22:11:13 | 013,612,043 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump America Has Never Been So Low.flv

[2011/04/12 18:40:57 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\User\Desktop\birther issue.url

[2011/04/12 17:08:37 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Matt Parrish Waynesboro, VA Country - Americana - Folk Music, Lyrics, Songs, and Videos ReverbNation.url

[2011/04/12 10:29:48 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tech PC Forums.url

[2011/04/10 23:33:30 | 001,662,744 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.avi

[2011/04/10 23:30:40 | 001,437,010 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.flv

[2011/04/10 20:04:48 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - From Arizona Western Fashion 1950's (2).url

[2011/04/10 17:27:18 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/10 17:17:29 | 028,063,197 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN_0001.wmv

[2011/04/10 17:17:29 | 028,063,197 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN.wmv

[2011/04/09 21:11:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/09 20:50:41 | 007,812,812 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.avi

[2011/04/09 20:48:56 | 009,526,465 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.flv

[2011/04/09 18:57:49 | 862,688,736 | ---- | M] () -- C:\Documents and Settings\User\My Documents\BlackMirrorIII-DEMO_en.exe.dap

[2011/04/09 12:59:38 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Buy Natures Best Vitamin B3 (Niacin) 250mg from Natures Best.url

[2011/04/08 23:49:18 | 013,179,592 | ---- | M] () -- C:\Documents and Settings\User\My Documents\dap96upg.exe

[2011/04/08 15:46:40 | 036,317,780 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.avi

[2011/04/08 13:13:34 | 026,107,199 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.flv

[2011/04/07 21:33:26 | 034,395,498 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.avi

[2011/04/07 21:17:20 | 024,011,538 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.flv

[2011/04/07 13:24:55 | 098,232,028 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..avi

[2011/04/07 13:19:15 | 094,871,351 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..flv

[2011/04/06 22:19:31 | 002,796,296 | ---- | M] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA_xvid.avi

[2011/04/06 22:14:19 | 005,771,142 | ---- | M] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA.flv

[2011/04/05 23:17:26 | 050,597,560 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.avi

[2011/04/05 22:58:37 | 077,343,310 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump I'll Save The Economy.avi

[2011/04/05 21:12:14 | 024,853,090 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.flv

[2011/04/05 18:11:02 | 112,503,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.avi

[2011/04/03 21:01:37 | 006,201,531 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.flv

[2011/04/02 14:08:10 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Conservative News, Views & Books - HUMAN EVENTS.url

[2011/04/01 20:57:09 | 004,254,288 | ---- | M] () -- C:\Documents and Settings\User\My Documents\American Songspace SoulSpeak Publishing LLC..mp3

[2011/04/01 20:00:21 | 141,598,029 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.flv

[2011/04/01 15:05:47 | 027,691,266 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.avi

[2011/04/01 15:02:26 | 025,972,649 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.flv

[2011/04/01 14:14:56 | 006,331,196 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama 2012 Change We Are Thriving On.flv

[2011/03/30 21:29:56 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\User\Desktop\American Songspace SoulSpeak Publishing LLC..url

[2011/03/30 19:17:28 | 058,406,226 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump dirverts from the script - Libya, Birther and Presidential Bid.avi

[2011/03/30 18:24:21 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Chernobyl Demo.lnk

[2011/03/30 11:35:07 | 1902,021,466 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.zip.dap

[2011/03/30 10:53:01 | 012,788,954 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama's Fake Family Photo_xvid.avi

[2011/03/29 22:02:42 | 002,137,762 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron Syria No Fly Zone.avi

[2011/03/29 22:01:07 | 003,263,220 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Prime Minister David Cameron 'This Is Not About Libyan Oil'.flv

[2011/03/29 18:39:53 | 006,298,356 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron 'Better days ahead for Libya'_xvid.avi

[2011/03/29 18:30:26 | 009,997,336 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron 'Ivory Coast Needs Our Help'.flv

[2011/03/29 16:23:08 | 020,603,566 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Antifa Fad - Radicals for The Establishment_xvid.avi

[2011/03/29 15:43:32 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2011/03/29 14:58:42 | 020,678,028 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Michael Savage Shouts Over Obama's Libya Speech_xvid.avi

[2011/03/29 14:22:27 | 016,289,269 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron Syria, Turkey, Iran Are Innocent.flv

[2011/03/28 18:55:55 | 061,445,106 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Next Us President. DONALD TRUMP_xvid.avi

[2011/03/28 17:17:58 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\User\Desktop\America Radio News.url

[2011/03/28 13:14:54 | 008,835,898 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Lied Libyans Died.avi

[2011/03/26 19:51:07 | 026,568,950 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London)_xvid.avi

[2011/03/26 19:47:25 | 019,486,349 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London).flv

[2011/03/26 15:28:37 | 008,992,928 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2012 Enter The Donald.flv

[2011/03/26 00:39:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Free FLV Converter.lnk

[2011/03/25 00:09:56 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - ONCE UPON A HONEYMOON 1956 BELL SYSTEM.url

[2011/03/24 23:37:38 | 008,524,519 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Libya Should Attack UK And US.flv

[2011/03/23 22:46:13 | 019,800,764 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LIBYA ~ FULL VERSION OF GADDAFI's LATEST SPEACH ON LIBIAN TV_xvid.avi

[2011/03/22 19:17:23 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GadaffiAdmitsPoliticalAsylumisaHoax.html

[2011/03/22 18:58:43 | 001,478,110 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Gadaffi Admits Political Asylum is a Hoax.flv

[2011/03/22 13:34:30 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk

[2011/03/21 19:26:55 | 1902,019,901 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.exe.dap

[2011/03/20 20:01:52 | 000,289,434 | ---- | M] () -- C:\Documents and Settings\User\My Documents\trump.bmp

[2011/03/19 21:41:08 | 012,337,092 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Running For President.avi

[2011/03/19 21:00:25 | 011,261,808 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The_Virginian_1.mp3.dap

[2011/03/19 20:43:15 | 011,261,808 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The_Virginian.mp3

[2011/03/19 20:08:37 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\User\Desktop\printsandthings.url

[2011/03/18 23:59:25 | 003,070,827 | ---- | M] () -- C:\Documents and Settings\User\My Documents\She_Was_Waiting_v1.wma.dap

[2011/03/18 14:20:28 | 043,062,712 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Donald for President.avi

[2011/03/17 22:09:38 | 006,343,810 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Goes Birther - 3 17 2011.avi

[2011/03/17 20:23:48 | 029,435,580 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump on Top in GOP Popularity Poll.avi

[2011/03/17 19:08:04 | 003,178,642 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump Ready to Spend $600 Million on Run - ABC News_xvid.avi

[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

[49 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/04/15 21:45:06 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Presidential Job Approval Center.url

[2011/04/15 20:04:48 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Microphone Flags Mic Flag Mic Windshields world's leading manufacturer..url

[2011/04/15 18:46:39 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Fifties - Petticoat Girl SYLVIA in Wettenberg 2010 - movie027.url

[2011/04/14 18:38:26 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer Support Forums - FreePCHelp.co.uk.url

[2011/04/14 18:37:43 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet 2 Mins.url

[2011/04/14 17:53:51 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - petticoat musical.url

[2011/04/14 00:09:32 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Day Of Silence 2011.url

[2011/04/12 22:26:27 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The British Freedom Party.url

[2011/04/12 22:06:51 | 013,612,043 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump America Has Never Been So Low.flv

[2011/04/12 18:40:57 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\User\Desktop\birther issue.url

[2011/04/12 17:08:36 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Matt Parrish Waynesboro, VA Country - Americana - Folk Music, Lyrics, Songs, and Videos ReverbNation.url

[2011/04/12 10:29:48 | 000,000,412 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tech PC Forums.url

[2011/04/10 23:33:41 | 001,662,744 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.avi

[2011/04/10 23:30:39 | 001,437,010 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.flv

[2011/04/10 20:04:47 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - From Arizona Western Fashion 1950's (2).url

[2011/04/10 17:26:49 | 028,063,197 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN_0001.wmv

[2011/04/10 17:23:28 | 028,063,197 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN.wmv

[2011/04/09 20:51:11 | 007,812,812 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.avi

[2011/04/09 20:43:37 | 009,526,465 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.flv

[2011/04/09 12:59:38 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Buy Natures Best Vitamin B3 (Niacin) 250mg from Natures Best.url

[2011/04/08 23:39:37 | 013,179,592 | ---- | C] () -- C:\Documents and Settings\User\My Documents\dap96upg.exe

[2011/04/08 22:34:33 | 862,688,736 | ---- | C] () -- C:\Documents and Settings\User\My Documents\BlackMirrorIII-DEMO_en.exe.dap

[2011/04/08 15:46:53 | 036,317,780 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.avi

[2011/04/08 12:48:11 | 026,107,199 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.flv

[2011/04/07 21:33:44 | 034,395,498 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.avi

[2011/04/07 20:58:38 | 024,011,538 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.flv

[2011/04/07 13:25:11 | 098,232,028 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..avi

[2011/04/07 13:19:10 | 094,871,351 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..flv

[2011/04/06 22:19:42 | 002,796,296 | ---- | C] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA_xvid.avi

[2011/04/06 22:16:01 | 005,771,142 | ---- | C] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA.flv

[2011/04/05 23:17:52 | 050,597,560 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.avi

[2011/04/05 22:59:46 | 077,343,310 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump I'll Save The Economy.avi

[2011/04/05 21:12:12 | 024,853,090 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.flv

[2011/04/05 18:11:17 | 112,503,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.avi

[2011/04/03 20:58:58 | 006,201,531 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.flv

[2011/04/02 14:08:07 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Conservative News, Views & Books - HUMAN EVENTS.url

[2011/04/01 20:54:31 | 004,254,288 | ---- | C] () -- C:\Documents and Settings\User\My Documents\American Songspace SoulSpeak Publishing LLC..mp3

[2011/04/01 20:00:17 | 141,598,029 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.flv

[2011/04/01 15:06:20 | 027,691,266 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.avi

[2011/04/01 15:02:24 | 025,972,649 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.flv

[2011/04/01 14:11:24 | 006,331,196 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama 2012 Change We Are Thriving On.flv

[2011/03/30 21:29:56 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\User\Desktop\American Songspace SoulSpeak Publishing LLC..url

[2011/03/30 19:17:46 | 058,406,226 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump dirverts from the script - Libya, Birther and Presidential Bid.avi

[2011/03/30 18:24:21 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Chernobyl Demo.lnk

[2011/03/30 10:53:10 | 012,788,954 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama's Fake Family Photo_xvid.avi

[2011/03/29 22:03:07 | 002,137,762 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron Syria No Fly Zone.avi

[2011/03/29 21:59:21 | 003,263,220 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Prime Minister David Cameron 'This Is Not About Libyan Oil'.flv

[2011/03/29 18:40:09 | 006,298,356 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron 'Better days ahead for Libya'_xvid.avi

[2011/03/29 18:21:40 | 009,997,336 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron 'Ivory Coast Needs Our Help'.flv

[2011/03/29 16:23:22 | 020,603,566 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Antifa Fad - Radicals for The Establishment_xvid.avi

[2011/03/29 14:59:06 | 020,678,028 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Michael Savage Shouts Over Obama's Libya Speech_xvid.avi

[2011/03/29 13:57:29 | 016,289,269 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron Syria, Turkey, Iran Are Innocent.flv

[2011/03/28 18:56:15 | 061,445,106 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Next Us President. DONALD TRUMP_xvid.avi

[2011/03/28 17:17:13 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\User\Desktop\America Radio News.url

[2011/03/28 13:15:05 | 008,835,898 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Lied Libyans Died.avi

[2011/03/26 19:51:30 | 026,568,950 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London)_xvid.avi

[2011/03/26 19:34:49 | 019,486,349 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London).flv

[2011/03/26 15:28:37 | 008,992,928 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2012 Enter The Donald.flv

[2011/03/26 00:39:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Free FLV Converter.lnk

[2011/03/25 22:52:00 | 1902,021,466 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.zip.dap

[2011/03/25 00:09:56 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - ONCE UPON A HONEYMOON 1956 BELL SYSTEM.url

[2011/03/24 23:34:41 | 008,524,519 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Libya Should Attack UK And US.flv

[2011/03/23 22:47:30 | 019,800,764 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYA ~ FULL VERSION OF GADDAFI's LATEST SPEACH ON LIBIAN TV_xvid.avi

[2011/03/22 19:17:57 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GadaffiAdmitsPoliticalAsylumisaHoax.html

[2011/03/22 18:58:42 | 001,478,110 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Gadaffi Admits Political Asylum is a Hoax.flv

[2011/03/22 13:34:30 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk

[2011/03/21 13:39:15 | 1902,019,901 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.exe.dap

[2011/03/20 20:01:52 | 000,289,434 | ---- | C] () -- C:\Documents and Settings\User\My Documents\trump.bmp

[2011/03/19 21:41:40 | 012,337,092 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Running For President.avi

[2011/03/19 21:00:06 | 011,261,808 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The_Virginian_1.mp3.dap

[2011/03/19 20:38:36 | 011,261,808 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The_Virginian.mp3

[2011/03/19 20:08:37 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\User\Desktop\printsandthings.url

[2011/03/18 23:59:17 | 003,070,827 | ---- | C] () -- C:\Documents and Settings\User\My Documents\She_Was_Waiting_v1.wma.dap

[2011/03/18 14:20:57 | 043,062,712 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Donald for President.avi

[2011/03/17 22:10:02 | 006,343,810 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Goes Birther - 3 17 2011.avi

[2011/03/17 20:25:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\User\My Documents\YouTube - blenkarni's YouTube (2).url

[2011/03/17 20:24:59 | 029,435,580 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump on Top in GOP Popularity Poll.avi

[2011/03/17 19:08:49 | 003,178,642 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Ready to Spend $600 Million on Run - ABC News_xvid.avi

[2011/03/06 14:47:18 | 000,067,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/03/03 01:21:51 | 000,306,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/02/18 14:15:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/01/31 21:43:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat

[2011/01/18 19:23:18 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI

[2010/12/30 13:50:59 | 000,018,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\evdd.sys

[2010/12/30 00:40:50 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010/12/02 13:59:52 | 000,073,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdisk.sys

[2010/12/02 13:59:38 | 000,428,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBVD.sys

[2010/12/02 13:59:32 | 000,573,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdbus.sys

[2010/09/27 14:29:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/09/27 14:29:39 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/09/27 14:29:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/09/20 16:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCPDRV.SYS

[2010/09/20 16:28:50 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys

[2010/06/04 18:54:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini

[2010/05/24 19:54:01 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/05/16 19:18:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2010/04/29 20:27:14 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/29 12:34:51 | 000,000,213 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2010/04/24 12:03:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/04/16 17:39:11 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/04/13 18:10:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/04/13 17:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/13 17:50:08 | 000,330,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/13 17:25:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/13 17:25:12 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/04/13 17:10:47 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll

[2010/04/13 17:10:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll

[2010/04/13 17:10:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll

[2010/04/13 17:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/04/13 16:58:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 06:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/04/14 06:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/04/14 06:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/04/14 06:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/04/14 06:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/12/19 07:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2006/12/12 10:46:52 | 000,037,888 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2006/12/12 10:39:02 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2006/12/12 10:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2006/12/12 10:36:32 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2006/12/12 10:36:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT

[2006/12/12 10:34:30 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT

[2006/12/12 10:34:22 | 000,240,568 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2006/12/12 10:34:22 | 000,114,908 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2006/12/12 10:34:06 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2006/12/12 10:34:06 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2006/12/12 10:34:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE

[2006/11/30 08:01:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/05/18 07:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 13:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 13:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1997/08/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/08/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

 

========== LOP Check ==========

 

[2010/12/30 00:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/12/23 21:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2010/11/02 21:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2010/12/02 12:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro

[2010/05/15 17:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/10/06 12:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee

[2010/11/03 18:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2011/02/13 21:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit

[2011/04/16 16:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/12/02 12:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2010/10/23 23:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/12/11 17:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/04/13 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AnvSoft

[2010/09/17 21:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Avnex

[2010/12/25 22:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EurekaLog

[2011/03/16 21:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FreeFLVConverter

[2011/01/16 14:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HamsterSoft

[2010/11/02 21:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\muvee Technologies

[2010/09/30 09:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ProtectDISC

[2010/09/03 21:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Screaming Bee

[2010/05/23 22:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Serif

[2011/02/13 21:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony

[2010/12/23 21:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinPatrol

[2011/02/24 01:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Xilisoft

[2011/04/14 13:42:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2011/04/16 10:09:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2010/12/23 10:35:46 | 000,011,284 | ---- | M] () -- C:\aaw7boot.log

[2010/04/13 17:00:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/04/17 00:35:43 | 000,000,355 | ---- | M] () -- C:\Boot.bak

[2010/12/21 20:33:59 | 000,000,471 | RHS- | M] () -- C:\boot.ini

[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2010/04/17 00:35:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2010/04/13 17:00:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/04/16 14:16:14 | 000,004,460 | -H-- | M] () -- C:\ffastun.ffa

[2011/04/16 14:16:14 | 000,516,096 | -H-- | M] () -- C:\ffastun.ffl

[2011/04/16 14:16:14 | 000,159,744 | -H-- | M] () -- C:\ffastun.ffo

[2011/04/16 14:16:14 | 003,842,048 | -H-- | M] () -- C:\ffastun0.ffx

[2010/12/30 13:51:18 | 629,145,600 | -H-- | M] () -- C:\fileimage.dat

[2010/12/25 22:12:39 | 000,009,443 | ---- | M] () -- C:\holy rosary 1.TXT

[2010/04/13 17:00:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/08/22 13:09:25 | 000,003,163 | ---- | M] () -- C:\marian prayers.TXT

[2010/09/26 21:58:50 | 000,031,848 | ---- | M] () -- C:\Moira Rosary.txt

[2010/07/21 09:05:24 | 000,028,844 | ---- | M] () -- C:\moiras rosary file.txt

[2010/07/20 22:35:41 | 000,005,563 | ---- | M] () -- C:\moiras rosary.txt

[2010/04/13 17:00:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/13 23:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 01:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/04/16 14:50:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2011/01/16 17:58:23 | 000,015,707 | ---- | M] () -- C:\the holy rosary full.TXT

[2011/02/27 22:43:46 | 000,015,984 | ---- | M] () -- C:\the holy rosary.txt

[2010/04/16 15:48:24 | 000,000,020 | RHS- | M] () -- C:\winx.ld

[2010/04/16 15:48:24 | 000,340,044 | RHS- | M] () -- C:\YTJBZ

[49 C:\*.tmp files -> C:\*.tmp -> ]

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/05/11 05:46:58 | 000,080,896 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXDAPP5C.DLL

[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2010/04/13 17:48:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2010/04/13 17:48:53 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2010/04/13 17:48:52 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %PROGRAMFILES%\* >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/01 19:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/01 19:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/01 19:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/01 19:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/01 19:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/01 19:00:32 | 000,552,136 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/04/01 19:00:32 | 000,910,296 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

< >

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

Edited by sarasara
Posted

OTL Extras logfile created on: 16/04/2011 16:16:12 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\My Documents

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 244.14 Gb Total Space | 203.56 Gb Free Space | 83.38% Space Free | Partition Type: NTFS

Drive D: | 221.61 Gb Total Space | 196.80 Gb Free Space | 88.81% Space Free | Partition Type: NTFS

Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe" = C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne

"{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists

"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter

"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty® 4 - Modern Warfare Demo

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{807F5AD8-3EAE-AABF-AA0E-79FE8833AD98}" = muvee Pixie

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9ACC9F63-CF54-46D7-9140-D40E57564EDA}_is1" = COMODO Registry Cleaner 1.0.17.23

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{A29B450E-D884-4367-868D-6BF18F9B2FDF}" = NextUp-ScanSoft Moira Irish Voice

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}" = COMODO BackUp

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}" = COMODO Programs Manager

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{F2CA85EF-D86E-4F4C-99E7-8ED7AA18E7B8}" = SWAT 4 Single Player Demo

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Any Video Converter_is1" = Any Video Converter 3.2.0

"AT&T Natural Voice Audrey_is1" = AT&T Natural Voices Audrey v. 1.4

"AV Voice Changer Software 7.0" = AV Voice Changer Software 7.0

"AV Voice Changer Software DIAMOND 4.0" = AV Voice Changer Software DIAMOND 4.0

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"CCleaner" = CCleaner

"Chernobyl Demo_is1" = Chernobyl Demo

"Daniusoft MP3 WAV Converter_is1" = Daniusoft MP3 WAV Converter(Build 2.3.1.0)

"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)

"Download Manager" = Download Manager 2.3.10

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Everything" = Everything 1.2.1.371

"Foxit Reader" = Foxit Reader

"Free FLV Converter_is1" = Free FLV Converter V 6.96.0

"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter

"ie8" = Windows Internet Explorer 8

"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty® 4 - Modern Warfare Demo

"InstallShield_{F2CA85EF-D86E-4F4C-99E7-8ED7AA18E7B8}" = SWAT 4 Single Player Demo

"Lexmark 640 Series" = Lexmark 640 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"RealPlayer 12.0" = RealPlayer

"SpywareBlaster_is1" = SpywareBlaster 4.4

"TextAloud MP3_is1" = TextAloud

"Ubersoldier 2_is1" = Ubersoldier 2

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = WinRAR archiver

"Word8.0" = Microsoft Word 97

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 02/12/2010 07:40:04 | Computer Name = MARIA-PC3000 | Source = Registry Helper Service | ID = 109

Description =

 

Error - 06/12/2010 09:19:22 | Computer Name = MARIA-PC3000 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

 

Error - 11/12/2010 14:04:13 | Computer Name = MARIA-PC3000 | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

 

Error - 25/12/2010 06:11:06 | Computer Name = MARIA-PC3000 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

 

Error - 25/12/2010 06:11:06 | Computer Name = MARIA-PC3000 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

 

Error - 25/12/2010 06:11:06 | Computer Name = MARIA-PC3000 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The specified server cannot perform the requested operation.

 

[ System Events ]

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The COMODO System - Cleaner Service service failed to start due to

the following error: %%2

 

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The helpsvc service failed to start due to the following error: %%2

 

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The wscsvc service failed to start due to the following error: %%1083

 

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

CFRMD CFRPD

 

Error - 16/04/2011 09:52:18 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The COMODO System - Cleaner Service service failed to start due to

the following error: %%2

 

Error - 16/04/2011 09:52:18 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The helpsvc service failed to start due to the following error: %%2

 

Error - 16/04/2011 09:52:18 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The wscsvc service failed to start due to the following error: %%1083

 

Error - 16/04/2011 09:52:18 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

CFRMD CFRPD

 

Error - 16/04/2011 11:16:39 | Computer Name = MARIA-PC3000 | Source = SRService | ID = 104

Description = The System Restore initialization process failed.

 

Error - 16/04/2011 11:16:39 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7023

Description = The System Restore Service service terminated with the following error:

%%2

 

 

< End of report >

Posted

Hi Sara,

 

These errors from your log:

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

CFRMD CFRPD

 

Error - 16/04/2011 09:52:18 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000

Description = The COMODO System - Cleaner Service service failed to start due to

the following error: %%2

are related to this:

SRV - (Cleaner_Validator) -- File not found

It's a part of Comodo, so either you or something seems to have stopped or removed something.

A quick solution would be to remove Comodo and then reinstall it.

 

Did you have an earlier version of Microsoft Office installed before upgrading to Microsoft Office 2007?

The reason I ask is that this is in your report:

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

This was bundled with earlier versions of MS Office.

It was a complete waste of time and was removed because it slowed down systems a lot.

 

To turn off Find Fast, delete the Find Fast index files by following these steps:

 

1. On the Start menu, point to Settings and then click Control Panel.
2. In the Control Panel, double-click Find Fast.
3. In the "Index for documents in and below" list, click the first item.
4. On the Index menu, click Delete Index. In the Delete Index dialog box, click OK. When you are prompted to delete the index, click OK.
5. Repeat steps 3 and 4 until no more indexes are listed.
6. Click the Index menu. If the Run When I Log On check box is selected, click it to clear the check box.
7. On the Index menu, click Close and Stop. If you are prompted to stop Find Fast, click OK.

 

 

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:otl
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
     
  • Click the red Run Fix button.
     
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

Member of:

UNITE
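The reply above ties the Service Control Manager errors to a missing service file. As an added example (not part of the original post and not OTL's own code), the following Python sketch parses the "Last 10 Event Log Errors" layout shown in the log, decodes the `%%N` Win32 error codes, and lists which services point at a binary that is no longer on disk. The sample text is an excerpt copied from the log above; the function names are hypothetical.

```python
import re
from collections import Counter

# Win32 error codes seen as %%N in the log above (meanings from winerror.h).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND (the system cannot find the file specified)",
    1083: "ERROR_SERVICE_NOT_IN_EXE (the configured executable does not implement the service)",
}

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)
SERVICE_FAIL = re.compile(
    r"The (?P<svc>.+?) service (?:failed to start due to|terminated with) "
    r"the following error: %%(?P<code>\d+)"
)
DRIVER_FAIL = re.compile(r"driver\(s\) failed to load:\s*(?P<drivers>.+)$")

# Excerpt copied from the OTL Extras log in this thread (wrapped lines kept).
SAMPLE_LOG = """\
[ System Events ]
Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000
Description = The COMODO System - Cleaner Service service failed to start due to
the following error: %%2

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 16/04/2011 05:07:21 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD CFRPD

Error - 16/04/2011 09:52:18 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7000
Description = The COMODO System - Cleaner Service service failed to start due to
the following error: %%2

Error - 16/04/2011 11:16:39 | Computer Name = MARIA-PC3000 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 16/04/2011 11:16:39 | Computer Name = MARIA-PC3000 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

< End of report >
"""

def parse_events(text):
    """Return one dict per 'Error - ...' entry, joining wrapped Description lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") or line.startswith("<"):
            current = None  # section header or end marker, not part of an event
            continue
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "id": int(m["id"]), "description": ""}
            events.append(current)
        elif current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events

def summarize(events):
    """Count (service, error code) pairs and failed drivers across all boots."""
    services, drivers = Counter(), Counter()
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        m = SERVICE_FAIL.search(ev["description"])
        if m:
            services[(m["svc"], int(m["code"]))] += 1
        m = DRIVER_FAIL.search(ev["description"])
        if m:
            drivers.update(m["drivers"].split())
    return services, drivers

def missing_binaries(services):
    """Services whose failure code is 2, i.e. the registered file is gone."""
    return sorted(svc for (svc, code) in services if code == 2)

if __name__ == "__main__":
    svc_counts, drv_counts = summarize(parse_events(SAMPLE_LOG))
    for (svc, code), n in sorted(svc_counts.items()):
        meaning = WIN32_ERRORS.get(code, "unknown code")
        print(f"{svc}: error {code} x{n} -> {meaning}")
    print("Drivers that failed to load:", ", ".join(sorted(drv_counts)))
    print("Check service ImagePath for:", ", ".join(missing_binaries(svc_counts)))
```

Services reported with code 2 are the ones whose registered file should be checked on disk before deciding whether to reinstall or remove the owning product.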

Posted (edited)

Hi Starbuck,

Thanks for your help. Firstly, I now realize what may have caused the whole problem. I foolishly ticked the only unticked box in Comodo Registry Cleaner, which I had been using for a good while without any problems. The box I ticked was 'start up locations.'

Yes, my former PC engineer installed Microsoft Office 2007, which I don't even use or need. I will uninstall it. I'll now start working on your suggestions.

sara :)

Edited by sarasara
Posted

Before I start I tried two tests. I selected ctrl-alt-delete and I still get only the bottom portion of the task manager appearing,

and secondly I typed msconfig into Run and it could not find it.

 

All other steps completed as requested. Here goes:

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\User\My Documents\cmd.bat deleted successfully.

C:\Documents and Settings\User\My Documents\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: User

->Temp folder emptied: 390428 bytes

->Temporary Internet Files folder emptied: 62055287 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 3734 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16479948 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 24801229 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 99.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: User

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 04182011_220038

Files\Folders moved on Reboot...

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\WPM8A346\11574-Internet-Taking-Approx-2-Mins-To-Open-two-probs[1].htm moved successfully.

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KMNDS0SI\ads[1].htm moved successfully.

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\08VX9UD6\ads[1].htm moved successfully.

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\08VX9UD6\WebTuner[1].htm moved successfully.

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\08VX9UD6\xd_proxy[1].htm moved successfully.

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Posted

Hi Sara,

 

OK, let's look a little deeper and see if anything throws any light on the msconfig/task manager problems.

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you may not see this screen
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Thanks

Member of:

UNITE

Posted

Starbuck,

I have run into a problem here. It is not giving me the opportunity to change the name. It allows me to run or save but then just downloads and self-installs. Should I disable my downloader?

Thanks

sara :)

Posted

Hi Sara,

 

It's always easier to rename it when downloading with IE.

But no problem.

Let it download and then right click on the downloaded icon and select rename.

Once renamed click on the 'Return' key and you are good to go.

Member of:

UNITE

Posted

Hi Starbuck,

What I did not tell you last post was that I tried to download twice but each time I got the error message 'Installation Failed.' Now this time I did locate a drop-down menu on my downloader which allowed me to change the filename by adding the recommended join. Again however I have got an 'installation failed' error. All my AV stuff was switched off and no other programmes were running. :confused2:

Posted

Hi Starbuck,

After several attempts to instal combo-fix the sound on youtube videos has gone. I don't know if the events are connected but I have an important channel and am somewhat snookered. I have audio for everything else such as internet radio. Most grateful for assistance.

Thanks

sara.

Posted
I tried to download twice but each time I got the error message 'Installation Failed.'

Very odd because Combofix doesn't actually install on to the system.

When downloading programs that we use I recommend you download straight from the browser.

To be honest I've never understood the need for a downloader.... but that's just me.

 

After several attempts to instal combo-fix the sound on youtube videos has gone.

Again, very odd.

Why only YouTube??

Combofix does make some system changes and if removed the correct way, will return things back to normal.

We can try that, but I can't see why CF would stop the music from YouTube.

 

Please uninstall ComboFix by

Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there is a gap between x and /) Then press Ok

http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png

 

This action will uninstall Combofix and also perform a few cleanup measures.

Member of:

UNITE

Posted (edited)

Hi Starbuck,

Sorry, I was waiting for your answer not realising it was on the next page. I typed that into run and it said "windows cannot find combofix /uninstall." I did locate two files in 'search files and folders' but they don't look like a programme. Must be it didn't install.

Yep, the youtube thing is a real problem. I reinstalled adobe flash and IE8 but no luck. The problem is only in youtube. I also checked the 'sounds and audio devices' in control panel. I wonder if somehow it is a registry issue? I'm now going to try to download having disabled the downloader and will come back to you.

thanks,

sara :)

Edited by sarasara
Posted

Hi Starbuck,

Got it this time. I went to control panel and uninstalled DAP then downloaded again. All went well with the bonus of sound being back in youtube :tea: and here is the report:

 

ComboFix 11-04-19.01 - User 19/04/2011 22:46:55.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2606 [GMT 1:00]

Running from: c:\documents and settings\User\My Documents\Combo-Fix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\User\Application Data\EurekaLog

c:\documents and settings\User\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))

.

.

2011-04-19 10:24 . 2011-04-19 10:24 -------- d-----w- c:\program files\iPod

2011-04-19 10:24 . 2011-04-19 10:25 -------- d-----w- c:\program files\iTunes

2011-04-19 10:22 . 2011-04-19 10:22 -------- d-----w- c:\program files\Bonjour

2011-04-18 21:00 . 2011-04-18 21:00 -------- d-----w- C:\_OTL

2011-04-16 10:26 . 2011-04-16 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2011-04-14 18:43 . 2011-04-14 18:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-30 17:20 . 2011-04-11 18:37 -------- d-----w- c:\program files\Chernobyl Demo

2011-03-26 23:34 . 2011-03-26 23:34 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Help

2011-03-25 23:39 . 2011-03-25 23:39 -------- d-----w- c:\program files\Free FLV Converter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-14 15:57 . 2011-03-16 20:05 307200 ----a-w- c:\windows\system32\TubeFinder.exe

2011-03-07 05:33 . 2010-04-13 15:59 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-04-14 05:42 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2008-04-14 01:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2008-04-14 05:42 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:41 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2008-04-14 00:47 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-14 00:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-04-13 16:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-14 05:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2008-04-14 05:42 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-14 05:41 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2008-04-14 05:41 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2007-04-03 08:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 21:40 . 2010-09-27 12:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 19:19 . 2010-09-27 12:21 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2010-04-13 15:57 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-04-13 15:57 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2008-04-14 05:42 439296 ----a-w- c:\windows\system32\shimgvw.dll

.

.

------- Sigcheck -------

.

.

[-] 2010-04-13 . F49C5C12A14F20A45F61977CF384B7FC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

c:\windows\System32\wscntfy.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\COSDriveOverlayIcon]

@="{5FDACB62-6B7B-4116-9403-C5E0D3852A57}"

[HKEY_CLASSES_ROOT\CLSID\{5FDACB62-6B7B-4116-9403-C5E0D3852A57}]

2010-12-02 12:59 627120 ----a-w- c:\program files\COMODO\COMODO BackUp\ShellExtension_3.0.171317.130.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-19 2548552]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-16 274608]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]

Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 bdisk;COMODO Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [02/12/2010 13:59 73416]

R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [02/12/2010 13:59 123240]

R0 cbvd;Comodo Encrypted Virtual Disk;c:\windows\system32\drivers\CBVD.sys [02/12/2010 13:59 428248]

R0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [30/12/2010 13:51 235248]

R0 Evdd;evdd;c:\windows\system32\drivers\evdd.sys [30/12/2010 13:50 18920]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 16:11 35328]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11/09/2010 00:40 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/09/2010 00:40 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/09/2010 00:40 27576]

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 11:22 185472]

R2 COSService.exe;Comodo Online Storage Service;c:\program files\COMODO\COMODO BackUp\COSService.exe [02/12/2010 13:59 580528]

R2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMservice.exe [22/07/2010 17:04 79304]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [26/01/2011 12:26 573224]

R2 SynchronizationService.exe;Comodo BackUp Service;c:\program files\COMODO\COMODO BackUp\SynchronizationService.exe [02/12/2010 13:59 1360304]

R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [20/09/2010 16:28 6852]

R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13/04/2010 17:10 272128]

R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [02/11/2005 10:54 11596]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [17/09/2010 21:35 17792]

R3 vdbus;Virtual Disk Bus Enumerator;c:\windows\system32\drivers\vdbus.sys [02/12/2010 13:59 573856]

S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys --> c:\windows\system32\DRIVERS\CFRMD.sys [?]

S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys --> c:\windows\system32\DRIVERS\CFRPD.sys [?]

S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe --> c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [?]

S3 reparse;Reparse;c:\windows\system32\drivers\cbreparse.sys [02/12/2010 13:59 427608]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/07/2010 14:21 34896]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/12/2010 23:16 136176]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

2011-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]

.

2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]

.

2011-04-19 c:\windows\Tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job

- c:\windows\system32\msfeedssync.exe [2010-04-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel

IE: Google Sidewiki...

IE: Lookup on Merriam Webster

IE: Lookup on Wikipedia

TCP: {DD7A2FBB-B1CB-42AC-8346-7C5B364219E3} = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.hamsterstart.com/?cfg=2-475-0-0&engine_id=3&provider_id=3&product_id=475&country=GB

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://www.hamsterstart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-475-0-0&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: TextAloud Firefox Plugin: {99a0337c-6303-4879-b72e-500fd9aaca8c} - c:\program files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-19 22:54

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-527237240-1614895754-1801674531-1001\Software\SecuROM\License information*]

"datasecu"=hex:71,a0,57,93,41,a1,fe,63,e0,69,39,bc,73,80,dd,a6,63,30,ee,45,ec,

61,6a,65,e7,3f,97,cc,89,b6,75,fa,de,ba,95,8d,7f,05,f8,c2,72,13,72,1d,1c,08,\

"rkeysecu"=hex:fc,4a,2d,4e,01,56,f9,5d,b9,be,51,e6,ac,7b,9b,c4

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1052)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(2492)

c:\windows\system32\WININET.dll

c:\windows\system32\guard32.dll

c:\program files\COMODO\COMODO BackUp\ShellExtension_3.0.171317.130.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-04-19 22:59:07

ComboFix-quarantined-files.txt 2011-04-19 21:59

.

Pre-Run: 220,894,162,944 bytes free

Post-Run: 220,914,413,568 bytes free

.

- - End Of File - - 76097D3EA0CD5CD631F8B2883AB84EDE

Posted

Hi Sara

 

------- Sigcheck -------

.

.

[-] 2010-04-13 . F49C5C12A14F20A45F61977CF384B7FC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

c:\windows\System32\wscntfy.exe ... is missing !!

Let's see if there's any other copy of these files on your system.

 

 

Double click on OTL.exe to run it.

Click the none button at the top.

 

http://img.photobucket.com/albums/v708/starbuck50/new/otlnone.png

 

Now copy the lines in bold below.

 

/md5start

wscntfy.exe

sfcfiles.dll

/md5stop

 

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

 

You will only get a very short report.

Please copy/paste that report in your next reply.

 

 

Thanks

Member of:

UNITE
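
The custom scan requested above looks for every copy of the named files so their hashes can be compared. The same check as a stand-alone script, added here as an example (not OTL's code and not part of the original post): the function names, the demo directory tree and its dummy file contents are constructed, and it is an assumption that OTL's scan works along these lines.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks; upper-case hex like the logs in this thread."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def find_copies(root, names):
    """Map each wanted file name (lower-cased) to a list of (path, size, md5)."""
    wanted = {name.lower() for name in names}
    found = {name: [] for name in wanted}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for filename in files:
            key = filename.lower()  # Windows file names are case-insensitive
            if key not in wanted:
                continue
            full = os.path.join(dirpath, filename)
            try:
                found[key].append((full, os.path.getsize(full), md5_of(full)))
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
    return found


def classify(copies):
    """'missing' if no copy, 'consistent' if all hashes agree, else 'mismatch'."""
    if not copies:
        return "missing"
    hashes = {md5 for _path, _size, md5 in copies}
    return "consistent" if len(hashes) == 1 else "mismatch"


def report(root, names):
    """Status plus the sorted list of copies for every requested name."""
    found = find_copies(root, names)
    return {name: (classify(copies), sorted(copies)) for name, copies in found.items()}


def build_demo_tree(root):
    """Constructed stand-in for a Windows directory; contents are dummy bytes."""
    layout = {
        "WINDOWS/system32/sfcfiles.dll": b"constructed-sfcfiles-A",
        "WINDOWS/system32/dllcache/SFCFILES.DLL": b"constructed-sfcfiles-B",
        "WINDOWS/system32/dllcache/wscntfy.exe": b"constructed-wscntfy",
        "WINDOWS/ServicePackFiles/i386/wscntfy.exe": b"constructed-wscntfy",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def demo():
    """Run the scan over the constructed tree; returns {name: (status, copies)}."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        result = report(root, ["wscntfy.exe", "sfcfiles.dll", "msconfig.exe"])
        return {name: (status, len(copies)) for name, (status, copies) in result.items()}


if __name__ == "__main__":
    for name, (status, count) in sorted(demo().items()):
        print(f"{name}: {status} ({count} copies)")
```

A "mismatch" only says the copies differ; which one is the genuine file still has to be settled against a trusted source, and MD5 is used here solely because it is the hash the logs in this thread report.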

Posted

Hi Starbuck,

Youtube sound has gone again about an hour ago :confused:

 

:typing: Report:

 

 

 

OTL logfile created on: 20/04/2011 18:04:53 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 244.14 Gb Total Space | 205.58 Gb Free Space | 84.20% Space Free | Partition Type: NTFS

Drive D: | 221.61 Gb Total Space | 197.32 Gb Free Space | 89.04% Space Free | Partition Type: NTFS

Drive G: | 699.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: MARIA-PC3000 | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\User\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\guard32.dll (COMODO)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)

MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wscsvc) -- File not found

SRV - (HidServ) -- File not found

SRV - (Cleaner_Validator) -- File not found

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (SynchronizationService.exe) -- C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe ()

SRV - (COSService.exe) -- C:\Program Files\COMODO\COMODO BackUp\COSService.exe ()

SRV - (CPMService) -- C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)

DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)

DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)

DRV - (bdisk) -- C:\WINDOWS\system32\drivers\bdisk.sys ()

DRV - (CBUfs) -- C:\WINDOWS\system32\drivers\CBUFS.sys (COMODO Security Solutions Inc.)

DRV - (cbvd) -- C:\WINDOWS\system32\DRIVERS\cbvd.sys ()

DRV - (vdbus) -- C:\WINDOWS\system32\drivers\vdbus.sys ()

DRV - (reparse) -- C:\WINDOWS\system32\drivers\cbreparse.sys (Windows ® Win 7 DDK provider)

DRV - (cumon) -- C:\WINDOWS\system32\drivers\cumon.sys (Windows ® Win 7 DDK provider)

DRV - (Evdd) -- C:\WINDOWS\system32\drivers\evdd.sys ()

DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)

DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\WINDOWS\system32\drivers\vcsvad.sys (Avnex)

DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)

DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)

DRV - (Vcs) -- C:\WINDOWS\system32\drivers\Vcs.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 EC 86 52 3D 5E CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.hamsterstart.com/?cfg=2-475-0-0&engine_id=3&provider_id=3&product_id=475&country=GB"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8

FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://www.hamsterstart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-475-0-0&q="

 

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/16 15:01:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 15:01:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 18:27:30 | 000,000,000 | ---D | M]

 

[2010/04/12 02:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2010/04/13 17:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions

[2010/04/12 02:47:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/01/16 14:14:35 | 000,001,061 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\uh1w18zb.default\searchplugins\yahoo-zugo.xml

[2011/02/21 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/28 17:53:47 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}

[2010/09/27 13:21:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/19 20:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/16 10:23:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/21 18:46:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

[2010/09/27 13:20:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU

[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/04/13 17:15:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/18 22:01:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271176277750 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/13 17:00:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/06/27 11:26:18 | 000,000,050 | R--- | M] () - G:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2008/07/31 17:26:36 | 000,000,027 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 18:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\OTL

[2011/04/20 00:02:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2011/04/19 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit

[2011/04/19 23:12:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/04/19 22:44:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/04/19 22:44:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/04/19 22:44:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/04/19 22:44:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/04/19 22:43:09 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/04/19 22:07:05 | 000,508,416 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\User\My Documents\SysInfo.exe

[2011/04/19 21:36:03 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\My Documents\IE8-WindowsXP-x86-ENU.exe

[2011/04/19 11:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/04/19 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/04/19 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/04/19 11:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/04/18 22:00:38 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/04/18 21:59:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL_2.scr

[2011/04/18 21:55:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL_1.scr

[2011/04/16 16:07:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL.scr

[2011/04/16 11:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2011/04/16 11:25:30 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\My Documents\MGADiag.exe

[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll

[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe

[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll

[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll

[2011/03/30 18:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Chernobyl Demo

[2011/03/30 18:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Chernobyl Demo

[2011/03/27 00:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Help

[2011/03/26 00:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free FLV Converter

[2011/03/26 00:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter

[2006/12/12 10:47:24 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2006/12/12 10:34:02 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/20 18:04:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-1614895754-1801674531-1001.job

[2011/04/20 18:04:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-1614895754-1801674531-1001.job

[2011/04/20 18:02:11 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2011/04/20 17:24:21 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3866EC9F-E3F4-48A5-8B98-F29D52B3E338}.job

[2011/04/20 17:23:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/20 17:22:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/20 16:35:03 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx

[2011/04/20 16:35:03 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx

[2011/04/20 16:35:03 | 000,053,800 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000006-00001102-00000005-00291102}.rfx

[2011/04/20 16:35:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2011/04/20 16:35:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2011/04/20 12:19:32 | 020,634,026 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TRUMP PALIN 2012.avi

[2011/04/20 12:16:29 | 016,504,881 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TRUMP PALIN 2012.flv

[2011/04/20 11:09:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI

[2011/04/20 11:08:16 | 000,009,298 | ---- | M] () -- C:\Documents and Settings\User\My Documents\DHL E-Returns (Confirmation).htm

[2011/04/20 10:38:38 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Amazon.co.uk - Returns Support Centre.url

[2011/04/20 00:01:15 | 000,000,131 | ---- | M] () -- C:\WINDOWS\CRC.INI

[2011/04/19 22:42:08 | 004,324,798 | R--- | M] () -- C:\Documents and Settings\User\My Documents\Combo-Fix.exe

[2011/04/19 22:34:05 | 004,324,798 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ComboFix.exe.dap

[2011/04/19 22:09:01 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Free Email Account, 3GB Storage, Spam and Virus Protection at Mail.com.url

[2011/04/19 22:07:43 | 000,508,416 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\User\My Documents\SysInfo.exe

[2011/04/19 21:58:21 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Computer Support Forums - FreePCHelp.co.uk.url

[2011/04/19 21:51:44 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Tech PC Forums • Index page.url

[2011/04/19 21:41:50 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\My Documents\IE8-WindowsXP-x86-ENU.exe

[2011/04/19 18:13:09 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Who is our Enemy.url

[2011/04/19 13:53:21 | 008,937,635 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Allen West Whacks CAIR.flv

[2011/04/19 12:08:02 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2011/04/18 22:01:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2011/04/18 21:59:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL_2.scr

[2011/04/18 21:56:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL_1.scr

[2011/04/18 21:35:59 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/18 19:48:23 | 005,572,722 | ---- | M] () -- C:\Documents and Settings\User\My Documents\From The Desk Of Donald Trump 4 18 11.avi

[2011/04/18 19:46:25 | 006,324,309 | ---- | M] () -- C:\Documents and Settings\User\My Documents\From The Desk Of Donald Trump 4 18 11.flv

[2011/04/18 14:21:34 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\User\Desktop\123mail.org.url

[2011/04/16 21:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/04/16 20:41:38 | 005,743,318 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.avi

[2011/04/16 16:07:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\OTL.scr

[2011/04/16 11:26:24 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\My Documents\MGADiag.exe

[2011/04/15 21:45:06 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Presidential Job Approval Center.url

[2011/04/14 19:05:47 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/14 19:05:47 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/14 18:38:26 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer Support Forums - FreePCHelp.co.uk.url

[2011/04/14 18:37:43 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet 2 Mins.url

[2011/04/14 13:54:37 | 000,002,663 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Vision 10.lnk

[2011/04/14 00:09:32 | 000,000,289 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - Day Of Silence 2011.url

[2011/04/12 22:11:13 | 013,612,043 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump America Has Never Been So Low.flv

[2011/04/10 23:33:30 | 001,662,744 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.avi

[2011/04/10 23:30:40 | 001,437,010 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.flv

[2011/04/10 20:04:48 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - From Arizona Western Fashion 1950's (2).url

[2011/04/10 17:27:18 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/10 17:17:29 | 028,063,197 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN_0001.wmv

[2011/04/10 17:17:29 | 028,063,197 | ---- | M] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN.wmv

[2011/04/09 20:50:41 | 007,812,812 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.avi

[2011/04/09 20:48:56 | 009,526,465 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.flv

[2011/04/09 18:57:49 | 862,688,736 | ---- | M] () -- C:\Documents and Settings\User\My Documents\BlackMirrorIII-DEMO_en.exe.dap

[2011/04/09 12:59:38 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Buy Natures Best Vitamin B3 (Niacin) 250mg from Natures Best.url

[2011/04/08 23:49:18 | 013,179,592 | ---- | M] () -- C:\Documents and Settings\User\My Documents\dap96upg.exe

[2011/04/08 15:46:40 | 036,317,780 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.avi

[2011/04/08 13:13:34 | 026,107,199 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.flv

[2011/04/07 21:33:26 | 034,395,498 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.avi

[2011/04/07 21:17:20 | 024,011,538 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.flv

[2011/04/07 13:24:55 | 098,232,028 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..avi

[2011/04/07 13:19:15 | 094,871,351 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..flv

[2011/04/06 22:19:31 | 002,796,296 | ---- | M] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA_xvid.avi

[2011/04/06 22:14:19 | 005,771,142 | ---- | M] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA.flv

[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll

[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe

[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll

[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll

[2011/04/05 23:17:26 | 050,597,560 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.avi

[2011/04/05 22:58:37 | 077,343,310 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump I'll Save The Economy.avi

[2011/04/05 21:12:14 | 024,853,090 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.flv

[2011/04/05 18:11:02 | 112,503,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.avi

[2011/04/03 21:01:37 | 006,201,531 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.flv

[2011/04/02 14:08:10 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Conservative News, Views & Books - HUMAN EVENTS.url

[2011/04/01 20:57:09 | 004,254,288 | ---- | M] () -- C:\Documents and Settings\User\My Documents\American Songspace SoulSpeak Publishing LLC..mp3

[2011/04/01 20:00:21 | 141,598,029 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.flv

[2011/04/01 15:05:47 | 027,691,266 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.avi

[2011/04/01 15:02:26 | 025,972,649 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.flv

[2011/04/01 14:14:56 | 006,331,196 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama 2012 Change We Are Thriving On.flv

[2011/03/30 21:29:56 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\User\Desktop\American Songspace SoulSpeak Publishing LLC..url

[2011/03/30 19:17:28 | 058,406,226 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Donald Trump dirverts from the script - Libya, Birther and Presidential Bid.avi

[2011/03/30 18:24:21 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Chernobyl Demo.lnk

[2011/03/30 11:35:07 | 1902,021,466 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.zip.dap

[2011/03/30 10:53:01 | 012,788,954 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama's Fake Family Photo_xvid.avi

[2011/03/29 22:02:42 | 002,137,762 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron Syria No Fly Zone.avi

[2011/03/29 22:01:07 | 003,263,220 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Prime Minister David Cameron 'This Is Not About Libyan Oil'.flv

[2011/03/29 18:39:53 | 006,298,356 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron 'Better days ahead for Libya'_xvid.avi

[2011/03/29 18:30:26 | 009,997,336 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron 'Ivory Coast Needs Our Help'.flv

[2011/03/29 16:23:08 | 020,603,566 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Antifa Fad - Radicals for The Establishment_xvid.avi

[2011/03/29 14:58:42 | 020,678,028 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Michael Savage Shouts Over Obama's Libya Speech_xvid.avi

[2011/03/29 14:22:27 | 016,289,269 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Cameron Syria, Turkey, Iran Are Innocent.flv

[2011/03/28 18:55:55 | 061,445,106 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Next Us President. DONALD TRUMP_xvid.avi

[2011/03/28 13:14:54 | 008,835,898 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Obama Lied Libyans Died.avi

[2011/03/26 19:51:07 | 026,568,950 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London)_xvid.avi

[2011/03/26 19:47:25 | 019,486,349 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London).flv

[2011/03/26 15:28:37 | 008,992,928 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2012 Enter The Donald.flv

[2011/03/26 00:39:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Free FLV Converter.lnk

[2011/03/25 00:09:56 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\User\Desktop\YouTube - ONCE UPON A HONEYMOON 1956 BELL SYSTEM.url

[2011/03/24 23:37:38 | 008,524,519 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Libya Should Attack UK And US.flv

[2011/03/23 22:46:13 | 019,800,764 | ---- | M] () -- C:\Documents and Settings\User\My Documents\LIBYA ~ FULL VERSION OF GADDAFI's LATEST SPEACH ON LIBIAN TV_xvid.avi

[2011/03/22 19:17:23 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\User\My Documents\GadaffiAdmitsPoliticalAsylumisaHoax.html

[2011/03/22 18:58:43 | 001,478,110 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Gadaffi Admits Political Asylum is a Hoax.flv

[2011/03/22 13:34:30 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk

[2011/03/21 19:26:55 | 1902,019,901 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.exe.dap

[5 C:\Documents and Settings\User\My Documents\*.tmp files -> C:\Documents and Settings\User\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/20 12:20:05 | 020,634,026 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TRUMP PALIN 2012.avi

[2011/04/20 12:16:27 | 016,504,881 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TRUMP PALIN 2012.flv

[2011/04/20 11:08:16 | 000,009,298 | ---- | C] () -- C:\Documents and Settings\User\My Documents\DHL E-Returns (Confirmation).htm

[2011/04/20 10:38:38 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Amazon.co.uk - Returns Support Centre.url

[2011/04/19 22:44:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/04/19 22:44:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/04/19 22:44:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/04/19 22:44:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/04/19 22:44:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/04/19 22:32:18 | 004,324,798 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ComboFix.exe.dap

[2011/04/19 21:58:21 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Computer Support Forums - FreePCHelp.co.uk.url

[2011/04/19 18:13:07 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Who is our Enemy.url

[2011/04/19 16:54:47 | 004,324,798 | R--- | C] () -- C:\Documents and Settings\User\My Documents\Combo-Fix.exe

[2011/04/19 13:49:40 | 008,937,635 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Allen West Whacks CAIR.flv

[2011/04/19 12:08:02 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2011/04/18 19:48:46 | 005,572,722 | ---- | C] () -- C:\Documents and Settings\User\My Documents\From The Desk Of Donald Trump 4 18 11.avi

[2011/04/18 19:46:24 | 006,324,309 | ---- | C] () -- C:\Documents and Settings\User\My Documents\From The Desk Of Donald Trump 4 18 11.flv

[2011/04/18 14:21:34 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\User\Desktop\123mail.org.url

[2011/04/16 20:42:00 | 005,743,318 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.avi

[2011/04/15 21:45:06 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Presidential Job Approval Center.url

[2011/04/14 18:38:26 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Computer Support Forums - FreePCHelp.co.uk.url

[2011/04/14 18:37:43 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet 2 Mins.url

[2011/04/14 00:09:32 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - Day Of Silence 2011.url

[2011/04/12 22:06:51 | 013,612,043 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump America Has Never Been So Low.flv

[2011/04/10 23:33:41 | 001,662,744 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.avi

[2011/04/10 23:30:39 | 001,437,010 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GADDAFI SIGNS PEACE PLAN Sky News.flv

[2011/04/10 20:04:47 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - From Arizona Western Fashion 1950's (2).url

[2011/04/10 17:26:49 | 028,063,197 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN_0001.wmv

[2011/04/10 17:23:28 | 028,063,197 | ---- | C] () -- C:\Documents and Settings\User\My Documents\THE VIRGINIAN.wmv

[2011/04/09 20:51:11 | 007,812,812 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.avi

[2011/04/09 20:43:37 | 009,526,465 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Boehner Funds Planned Parenthood And Obamacare.flv

[2011/04/09 12:59:38 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Buy Natures Best Vitamin B3 (Niacin) 250mg from Natures Best.url

[2011/04/08 23:39:37 | 013,179,592 | ---- | C] () -- C:\Documents and Settings\User\My Documents\dap96upg.exe

[2011/04/08 22:34:33 | 862,688,736 | ---- | C] () -- C:\Documents and Settings\User\My Documents\BlackMirrorIII-DEMO_en.exe.dap

[2011/04/08 15:46:53 | 036,317,780 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.avi

[2011/04/08 12:48:11 | 026,107,199 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Trump Suzanne Malvaux On The Ropes.flv

[2011/04/07 21:33:44 | 034,395,498 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.avi

[2011/04/07 20:58:38 | 024,011,538 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Obama Under Investigation.flv

[2011/04/07 13:25:11 | 098,232,028 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..avi

[2011/04/07 13:19:10 | 094,871,351 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Labour25 Pedo Alert..flv

[2011/04/06 22:19:42 | 002,796,296 | ---- | C] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA_xvid.avi

[2011/04/06 22:16:01 | 005,771,142 | ---- | C] () -- C:\Documents and Settings\User\My Documents\OBAMA HATES AMERICA.flv

[2011/04/05 23:17:52 | 050,597,560 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.avi

[2011/04/05 22:59:46 | 077,343,310 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump I'll Save The Economy.avi

[2011/04/05 21:12:12 | 024,853,090 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump Frank Gaffney Martha Zoeller.flv

[2011/04/05 18:11:17 | 112,503,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.avi

[2011/04/03 20:58:58 | 006,201,531 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Training Al Qaeda In Libya.flv

[2011/04/02 14:08:07 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Conservative News, Views & Books - HUMAN EVENTS.url

[2011/04/01 20:54:31 | 004,254,288 | ---- | C] () -- C:\Documents and Settings\User\My Documents\American Songspace SoulSpeak Publishing LLC..mp3

[2011/04/01 20:00:17 | 141,598,029 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Birth Pastor Manning Backs Trump.flv

[2011/04/01 15:06:20 | 027,691,266 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.avi

[2011/04/01 15:02:24 | 025,972,649 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYAN REBEL LEADER STORMS OFF SHOW.flv

[2011/04/01 14:11:24 | 006,331,196 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama 2012 Change We Are Thriving On.flv

[2011/03/30 21:29:56 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\User\Desktop\American Songspace SoulSpeak Publishing LLC..url

[2011/03/30 19:17:46 | 058,406,226 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Donald Trump dirverts from the script - Libya, Birther and Presidential Bid.avi

[2011/03/30 18:24:21 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Chernobyl Demo.lnk

[2011/03/30 10:53:10 | 012,788,954 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama's Fake Family Photo_xvid.avi

[2011/03/29 22:03:07 | 002,137,762 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron Syria No Fly Zone.avi

[2011/03/29 21:59:21 | 003,263,220 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Prime Minister David Cameron 'This Is Not About Libyan Oil'.flv

[2011/03/29 18:40:09 | 006,298,356 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron 'Better days ahead for Libya'_xvid.avi

[2011/03/29 18:21:40 | 009,997,336 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron 'Ivory Coast Needs Our Help'.flv

[2011/03/29 16:23:22 | 020,603,566 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Antifa Fad - Radicals for The Establishment_xvid.avi

[2011/03/29 14:59:06 | 020,678,028 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Michael Savage Shouts Over Obama's Libya Speech_xvid.avi

[2011/03/29 13:57:29 | 016,289,269 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Cameron Syria, Turkey, Iran Are Innocent.flv

[2011/03/28 18:56:15 | 061,445,106 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Next Us President. DONALD TRUMP_xvid.avi

[2011/03/28 13:15:05 | 008,835,898 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Obama Lied Libyans Died.avi

[2011/03/26 19:51:30 | 026,568,950 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London)_xvid.avi

[2011/03/26 19:34:49 | 019,486,349 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Clash - White Riot Live (1978 Victoria Park London).flv

[2011/03/26 15:28:37 | 008,992,928 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2012 Enter The Donald.flv

[2011/03/26 00:39:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Free FLV Converter.lnk

[2011/03/25 22:52:00 | 1902,021,466 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Crysis_SP_Demo.zip.dap

[2011/03/25 00:09:56 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\User\Desktop\YouTube - ONCE UPON A HONEYMOON 1956 BELL SYSTEM.url

[2011/03/24 23:34:41 | 008,524,519 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Libya Should Attack UK And US.flv

[2011/03/23 22:47:30 | 019,800,764 | ---- | C] () -- C:\Documents and Settings\User\My Documents\LIBYA ~ FULL VERSION OF GADDAFI's LATEST SPEACH ON LIBIAN TV_xvid.avi

[2011/03/22 19:17:57 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\User\My Documents\GadaffiAdmitsPoliticalAsylumisaHoax.html

[2011/03/22 18:58:42 | 001,478,110 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Gadaffi Admits Political Asylum is a Hoax.flv

[2011/03/22 13:34:30 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk

[2011/03/06 14:47:18 | 000,067,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/03/03 01:21:51 | 000,306,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/02/18 14:15:59 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/01/31 21:43:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat

[2011/01/18 19:23:18 | 000,000,131 | ---- | C] () -- C:\WINDOWS\CRC.INI

[2010/12/30 13:50:59 | 000,018,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\evdd.sys

[2010/12/30 00:40:50 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010/12/02 13:59:52 | 000,073,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdisk.sys

[2010/12/02 13:59:38 | 000,428,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBVD.sys

[2010/12/02 13:59:32 | 000,573,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdbus.sys

[2010/09/27 14:29:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/09/27 14:29:39 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/09/27 14:29:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/09/20 16:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSVCPDRV.SYS

[2010/09/20 16:28:50 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys

[2010/06/04 18:54:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini

[2010/05/24 19:54:01 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/05/16 19:18:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2010/04/29 20:27:14 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/29 12:34:51 | 000,000,258 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2010/04/24 12:03:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/04/16 17:39:11 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/04/13 18:10:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/04/13 17:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/04/13 17:50:08 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/13 17:25:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/04/13 17:25:12 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/04/13 17:10:47 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll

[2010/04/13 17:10:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll

[2010/04/13 17:10:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll

[2010/04/13 17:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/04/13 16:58:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 06:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/04/14 06:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/04/14 06:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/04/14 06:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/04/14 06:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/12/19 07:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2006/12/12 10:48:22 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2006/12/12 10:46:52 | 000,037,888 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE

[2006/12/12 10:39:02 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2006/12/12 10:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2006/12/12 10:36:32 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2006/12/12 10:36:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT

[2006/12/12 10:34:30 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT

[2006/12/12 10:34:22 | 000,240,568 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT

[2006/12/12 10:34:22 | 000,114,908 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT

[2006/12/12 10:34:06 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat

[2006/12/12 10:34:06 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat

[2006/12/12 10:34:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE

[2006/11/30 08:01:26 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006/05/18 07:03:24 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 13:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 13:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1997/08/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1997/08/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

 

========== Custom Scans ==========

 

 

 

< MD5 for: SFCFILES.DLL >

[2010/04/13 13:08:21 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=F49C5C12A14F20A45F61977CF384B7FC -- C:\WINDOWS\system32\sfcfiles.dll

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

 

Thanks,

sara :)
