
Memory Loss


  • This topic is locked This topic is locked

#1 Wynn_M (Member, 36 posts)
This problem started a few days ago, when the memory loss messages began whenever I either rebooted or shut down the PC. The message was "Instruction at 0x73e5e2a0 referenced memory at 0x00144e24 could not be read". The numbers were not always the same at every shutdown, but the message is the same.

Two weeks ago I reinstalled Windows XP Home Edition after formatting the whole disk and started afresh because of a nasty bug (nameless) that couldn't be removed; the damage was done. Unbelievable that after all the work reinstating my cleaned hard disk and files the PC is sick again. The original bug destroyed Windows Firewall, System Restore and Windows Update, to name a few. These are all working fine now and MS Essentials is 'guarding the door' after a successful full scan.

So far MS Ess. scans have found nothing nasty. As I type this log entry, the words are stuttering and not keeping up with my fingers till I stop typing. Another symptom? I hope the experts on this forum can help without my having to reinstall Windows again. Thanks. OTL logs are below, and the MS Malicious Items removal tool full PC scan found nothing.

Wynn_M

OTL logfile created on: 5/10/2011 9:54:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Wynn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 448.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 65.89 Gb Free Space | 84.34% Space Free | Partition Type: NTFS
Drive D: | 15.66 Mb Total Space | 7.97 Mb Free Space | 50.89% Space Free | Partition Type: NTFS
Drive E: | 115.53 Gb Total Space | 106.47 Gb Free Space | 92.16% Space Free | Partition Type: NTFS
Drive F: | 149.01 Mb Total Space | 142.51 Mb Free Space | 95.64% Space Free | Partition Type: NTFS
Drive G: | 39.06 Gb Total Space | 38.88 Gb Free Space | 99.54% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 255.91 Gb Free Space | 85.85% Space Free | Partition Type: NTFS

Computer Name: WYNNM | User Name: Wynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 09:41:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wynn\Desktop\OTL.exe
PRC - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/12/09 14:08:10 | 000,305,600 | ---- | M] () -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/06/04 07:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/01 11:33:00 | 000,053,248 | ---- | M] (ali) -- C:\USBStorage\USBDetector.exe
PRC - [2001/06/21 13:57:34 | 000,045,056 | ---- | M] () -- C:\Program Files\WinTV\hcwP1Utl.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 09:41:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wynn\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/09 14:08:10 | 000,305,600 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe -- (Cleaner_Validator)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 09:34:05 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{28F360FD-369A-43CE-898D-11F955584328}\MpKsl76f949bf.sys -- (MpKsl76f949bf)
DRV - [2010/12/09 14:15:18 | 000,033,232 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRPD.sys -- (CFRPD)
DRV - [2010/12/09 14:14:56 | 000,066,584 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/24 14:25:36 | 000,011,776 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



[2011/05/03 10:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wynn\Application Data\Mozilla\Extensions
[2011/05/03 10:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wynn\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [hcwPVRReset] C:\Program Files\WinTV\hcwP1Utl.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [USBDetector] C:\USBStorage\USBDetector.exe (ali)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Wynn\Start Menu\Programs\Startup\ClipGuru.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1304250386250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/01 11:33:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 09:41:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wynn\Desktop\OTL.exe
[2011/05/09 20:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Start Menu\Programs\NirSoft BlueScreenView
[2011/05/09 20:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/05/09 14:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/05/09 14:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/05/07 20:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Friday's games
[2011/05/07 16:04:15 | 000,005,183 | ---- | C] (USB Compliance) -- C:\WINDOWS\System32\drivers\usbu2a.sys
[2011/05/07 16:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Storage
[2011/05/07 16:03:53 | 000,000,000 | ---D | C] -- C:\USBStorage
[2011/05/07 14:19:57 | 000,331,776 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwSoloCap.ax
[2011/05/07 14:19:57 | 000,200,704 | ---- | C] (ViewCast.com / Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwo2kusr.dll
[2011/05/07 14:19:57 | 000,057,344 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwSnap.ax
[2011/05/07 14:19:57 | 000,057,344 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwMPEGSPlitter.ax
[2011/05/07 14:19:57 | 000,053,248 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwslipFR.ax
[2011/05/07 14:19:57 | 000,045,056 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwslipWriter.ax
[2011/05/07 14:19:57 | 000,023,040 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwCN878Diag.ax
[2011/05/07 14:19:56 | 000,077,824 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwo2kboard.dll
[2011/05/07 14:19:56 | 000,023,552 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\drivers\bt878.sys
[2011/05/07 14:19:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\hauppauge
[2011/05/07 14:18:11 | 000,040,960 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\o100ext.dll
[2011/05/07 14:18:11 | 000,028,672 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\BT848WST.dll
[2011/05/07 14:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hauppauge WinTV
[2011/05/07 14:18:10 | 000,393,216 | ---- | C] (Snowbound Software Corporation (www.Snowbnd.com)) -- C:\WINDOWS\System32\hcwsnbd9.dll
[2011/05/07 14:18:10 | 000,184,832 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwChan.dll
[2011/05/07 14:18:10 | 000,155,648 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwtvwnd.dll
[2011/05/07 14:18:10 | 000,155,648 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwpnp32.dll
[2011/05/07 14:18:10 | 000,147,456 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwav.dll
[2011/05/07 14:18:10 | 000,139,322 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwAud32.dll
[2011/05/07 14:18:10 | 000,138,932 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\drivers\HCW848NT.sys
[2011/05/07 14:18:10 | 000,118,784 | ---- | C] (ViewCast.com / Osprey Technologies, Inc.) -- C:\WINDOWS\System32\O100vc.dll
[2011/05/07 14:18:10 | 000,102,400 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwTVDlg.dll
[2011/05/07 14:18:10 | 000,048,128 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwtuner.dll
[2011/05/07 14:18:10 | 000,045,056 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\hcwi2c32.dll
[2011/05/07 14:18:10 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwutl32.dll
[2011/05/07 14:18:10 | 000,036,864 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwps32.dll
[2011/05/07 14:18:10 | 000,032,768 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\hcwhook.dll
[2011/05/07 14:18:10 | 000,028,672 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\BTGPIO32.dll
[2011/05/07 14:18:10 | 000,016,384 | ---- | C] (Hauppauge Computer Works) -- C:\WINDOWS\System32\Bt848_32.dll
[2011/05/07 14:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinTV
[2011/05/07 12:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/05/07 12:03:21 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/05/05 16:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/05 16:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/05 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/05 16:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Sun
[2011/05/05 15:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/05/05 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\PC_Drivers_Headquarters
[2011/05/05 15:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/05 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
[2011/05/05 15:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2011/05/04 14:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\Temp
[2011/05/03 16:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\HTConsulting
[2011/05/03 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\ClipGuru
[2011/05/03 16:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/03 15:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/03 15:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/03 15:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\ApplicationHistory
[2011/05/03 15:22:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/03 15:22:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/03 15:22:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/05/03 15:22:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/03 15:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/05/03 15:20:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/05/03 15:20:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/05/03 15:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/05/03 14:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/05/03 14:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/03 14:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/05/03 14:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/05/03 14:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/05/03 13:39:46 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/05/03 13:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/05/03 13:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Google
[2011/05/03 13:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/05/03 13:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/03 13:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/05/03 13:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/03 13:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2011/05/03 10:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Mozilla
[2011/05/03 10:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\Thunderbird
[2011/05/03 10:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Thunderbird
[2011/05/02 18:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BlitPop
[2011/05/02 17:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/05/02 17:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
[2011/05/02 17:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\WinRAR
[2011/05/02 17:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcadeOld
[2011/05/02 17:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\My Documents\Downloads
[2011/05/02 17:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Start Menu\Programs\Google Chrome
[2011/05/02 17:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\Google
[2011/05/02 16:00:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wynn\IECompatCache
[2011/05/02 11:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\Identities
[2011/05/01 21:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ClipGuru
[2011/05/01 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\TreeCardGames
[2011/05/01 21:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Spider
[2011/05/01 21:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/05/01 15:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Macromedia
[2011/05/01 15:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
[2011/05/01 15:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2011/05/01 15:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\The Weather Channel
[2011/05/01 14:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/05/01 14:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Creativity Suite
[2011/05/01 14:10:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/01 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/05/01 14:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\InstallShield
[2011/05/01 14:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
[2011/05/01 14:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2011/05/01 14:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/01 14:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2011/05/01 13:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\TempF6B52220-390B-DB69-EC80-4654A91EE097-Signatures
[2011/05/01 13:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/01 13:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Adobe
[2011/05/01 13:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/05/01 13:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/01 13:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/05/01 13:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/01 13:42:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/05/01 13:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/01 13:40:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/01 13:37:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/01 13:19:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/05/01 13:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/05/01 13:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/05/01 13:19:39 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/05/01 13:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/05/01 13:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/05/01 13:19:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/05/01 13:19:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/01 13:19:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/05/01 13:19:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/05/01 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/05/01 13:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/05/01 13:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/05/01 13:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/05/01 13:17:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/01 13:17:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/05/01 13:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/05/01 13:16:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/01 13:10:09 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/05/01 13:10:09 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/05/01 13:10:09 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/05/01 13:10:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/05/01 13:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/05/01 13:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/01 13:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/05/01 12:46:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wynn\PrivacIE
[2011/05/01 12:37:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/05/01 12:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/01 12:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/01 12:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/01 12:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/01 12:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/01 12:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/05/01 12:25:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/01 12:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/05/01 12:21:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wynn\IETldCache
[2011/05/01 12:19:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/01 12:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/01 12:18:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/01 12:18:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/01 12:15:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/05/01 12:13:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/05/01 11:50:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/05/01 11:50:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/05/01 11:50:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/05/01 11:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Application Data\Identities
[2011/05/01 11:49:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/05/01 11:49:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\My Documents\My Pictures
[2011/05/01 11:49:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\My Documents\My Music
[2011/05/01 11:49:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Wynn\Application Data\Microsoft
[2011/05/01 11:49:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wynn\SendTo
[2011/05/01 11:49:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wynn\Recent
[2011/05/01 11:49:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wynn\Application Data
[2011/05/01 11:49:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\Start Menu\Programs\Startup
[2011/05/01 11:49:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\Start Menu
[2011/05/01 11:49:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\My Documents
[2011/05/01 11:49:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\Favorites
[2011/05/01 11:49:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wynn\Start Menu\Programs\Accessories
[2011/05/01 11:49:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Wynn\Cookies
[2011/05/01 11:49:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Wynn\Templates
[2011/05/01 11:49:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Wynn\PrintHood
[2011/05/01 11:49:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Wynn\NetHood
[2011/05/01 11:49:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Wynn\Local Settings
[2011/05/01 11:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Local Settings\Application Data\Microsoft
[2011/05/01 11:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wynn\Desktop
[2011/05/01 11:45:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/05/01 11:44:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/05/01 11:44:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/05/01 11:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/05/01 11:44:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/05/01 11:43:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/05/01 11:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/05/01 11:34:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/01 11:34:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/01 11:33:44 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/01 11:33:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/05/01 11:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/05/01 11:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/05/01 11:32:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/05/01 11:32:13 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/05/01 11:32:13 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/05/01 11:32:06 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/05/01 11:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/05/01 11:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/05/01 11:31:10 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/05/01 11:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/05/01 11:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/05/01 11:31:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/05/01 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/05/01 11:30:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/05/01 11:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/05/01 11:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/05/01 11:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/05/01 11:30:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/05/01 11:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/05/01 11:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/05/01 11:30:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/01 11:30:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/05/01 11:29:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/05/01 11:29:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/05/01 11:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/05/01 11:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/05/01 11:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/05/01 11:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/05/01 11:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/05/01 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/05/01 11:29:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/05/01 11:29:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/05/01 11:27:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 09:46:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004UA.job
[2011/05/10 09:41:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wynn\Desktop\OTL.exe
[2011/05/10 09:39:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/10 09:37:49 | 000,480,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/10 09:37:49 | 000,079,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/10 09:35:20 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Memory Loss! - Geeks to Go Forums.url
[2011/05/10 09:33:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 09:33:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 00:42:46 | 000,014,847 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2011/05/10 00:42:43 | 001,304,292 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/05/10 00:42:43 | 000,167,754 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/05/10 00:27:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 00:07:20 | 000,118,136 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\page__p__2008236__fromsearch__1.htm
[2011/05/09 20:03:17 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/09 17:46:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004Core.job
[2011/05/09 16:44:13 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Bing Translator.url
[2011/05/09 16:20:19 | 000,000,102 | ---- | M] () -- C:\Documents and Settings\Wynn\Start Menu\Programs\Startup\ClipGuru.lnk
[2011/05/09 14:39:37 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\backgw32.lnk
[2011/05/09 14:02:27 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/05/09 14:01:20 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Cleaner.lnk
[2011/05/09 11:07:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 11:05:57 | 000,000,271 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Microsoft Update.url
[2011/05/07 20:08:02 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Stray Souls - Dollhouse Story.lnk
[2011/05/07 16:38:48 | 000,000,988 | ---- | M] () -- C:\UFantasy.ini
[2011/05/07 13:28:51 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2011/05/07 12:04:35 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/07 12:04:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/07 12:04:33 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/06 23:11:07 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\ClipGuru.lnk
[2011/05/05 17:14:13 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Epson Stylus DX4450 Drivers & Software.url
[2011/05/04 15:58:27 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook.lnk
[2011/05/04 13:01:57 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Support for the WinTV v6 application.url
[2011/05/03 15:30:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/03 15:21:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/03 15:21:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/03 15:20:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/05/03 14:44:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/03 14:07:18 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 10:07:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/03 09:58:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Wynn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 17:42:07 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/02 17:29:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/02 11:59:45 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Gmail.url
[2011/05/01 23:45:07 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Wynn\Desktop\Billionaire II.lnk
[2011/05/01 21:22:42 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Spider.lnk
[2011/05/01 21:12:52 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/01 14:06:24 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan.lnk
[2011/05/01 14:06:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011/05/01 13:54:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/01 13:01:49 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/05/01 13:01:49 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/05/01 12:35:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/01 12:27:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/01 12:21:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/01 11:49:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/01 11:47:13 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/01 11:43:40 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/01 11:35:01 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/01 11:33:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/01 11:33:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/01 11:33:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/01 11:33:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/01 11:33:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/01 11:32:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/01 11:30:27 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/01 11:27:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 00:07:19 | 000,118,136 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\page__p__2008236__fromsearch__1.htm
[2011/05/09 16:44:13 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Bing Translator.url
[2011/05/09 16:38:27 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Memory Loss! - Geeks to Go Forums.url
[2011/05/09 16:20:19 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Wynn\Start Menu\Programs\Startup\ClipGuru.lnk
[2011/05/09 14:39:37 | 000,000,571 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\backgw32.lnk
[2011/05/09 14:19:19 | 000,014,847 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011/05/09 14:19:09 | 000,167,754 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/05/09 14:19:08 | 001,304,292 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/05/09 14:02:27 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/05/09 14:01:20 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Cleaner.lnk
[2011/05/07 20:08:02 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Stray Souls - Dollhouse Story.lnk
[2011/05/07 16:38:48 | 000,000,988 | ---- | C] () -- C:\UFantasy.ini
[2011/05/07 14:18:11 | 000,102,038 | ---- | C] () -- C:\WINDOWS\System32\HCW848UN.EXE
[2011/05/06 23:11:07 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\ClipGuru.lnk
[2011/05/05 17:14:13 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Epson Stylus DX4450 Drivers & Software.url
[2011/05/05 15:57:39 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2011/05/04 15:58:27 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook.lnk
[2011/05/04 15:23:39 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2011/05/04 15:23:39 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2011/05/04 15:23:39 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2011/05/04 15:23:39 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2011/05/04 15:23:39 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2011/05/04 15:23:39 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2011/05/04 15:23:39 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2011/05/04 15:23:39 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2011/05/04 15:23:38 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2011/05/04 15:23:38 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2011/05/04 15:23:38 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2011/05/04 15:23:38 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2011/05/04 15:23:38 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2011/05/04 15:23:38 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2011/05/04 15:23:37 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2011/05/04 15:23:37 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2011/05/04 15:23:37 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2011/05/03 15:20:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/05/03 15:19:23 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/03 14:44:38 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/03 14:44:35 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/03 14:44:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/03 14:44:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/03 14:23:22 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Microsoft Update.url
[2011/05/03 13:12:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/03 13:12:27 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/03 10:07:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/03 09:58:54 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Wynn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 17:42:07 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/02 17:41:20 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004UA.job
[2011/05/02 17:41:19 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004Core.job
[2011/05/02 12:33:51 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Support for the WinTV v6 application.url
[2011/05/02 11:59:45 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Gmail.url
[2011/05/01 23:45:07 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Wynn\Desktop\Billionaire II.lnk
[2011/05/01 21:22:42 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Spider
[2011/05/01 21:22:42 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Spider.lnk
[2011/05/01 21:12:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/01 21:12:52 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/01 14:07:15 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/05/01 14:07:15 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/05/01 14:07:15 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/05/01 14:07:15 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/05/01 14:07:15 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/05/01 14:07:15 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/05/01 14:07:15 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/05/01 14:07:15 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2011/05/01 14:07:15 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/05/01 14:07:15 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2011/05/01 14:07:15 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2011/05/01 14:07:15 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2011/05/01 14:07:15 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2011/05/01 14:07:15 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2011/05/01 14:07:15 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2011/05/01 14:07:15 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2011/05/01 14:07:15 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2011/05/01 14:07:15 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2011/05/01 14:07:15 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2011/05/01 14:07:15 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/05/01 14:07:15 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2011/05/01 14:07:15 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2011/05/01 14:07:15 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/05/01 14:07:15 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/05/01 14:07:15 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/05/01 14:07:15 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/05/01 14:07:15 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/05/01 14:07:15 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/05/01 14:07:15 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/05/01 14:07:15 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/05/01 14:07:15 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/05/01 14:07:15 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/05/01 14:06:24 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\EPSON Scan.lnk
[2011/05/01 14:06:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2011/05/01 13:59:34 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/01 13:54:38 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/01 13:44:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/01 13:19:45 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 13:19:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/01 13:19:41 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/05/01 13:19:41 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/05/01 13:19:40 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/05/01 13:19:40 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/05/01 13:19:20 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/05/01 13:17:33 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/05/01 13:17:33 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/05/01 13:17:33 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/05/01 13:17:33 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/05/01 13:17:33 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/05/01 13:17:33 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/05/01 13:17:33 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/05/01 13:17:33 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/05/01 13:16:54 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 13:16:09 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/05/01 13:16:06 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/05/01 13:09:40 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/01 13:01:49 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011/05/01 13:01:49 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011/05/01 12:04:23 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/05/01 12:04:23 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/05/01 12:04:23 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/05/01 12:04:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/05/01 12:04:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/05/01 12:04:23 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/05/01 12:04:23 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/05/01 12:04:23 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/05/01 12:04:23 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/05/01 12:04:23 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/05/01 12:04:23 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/05/01 12:04:23 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/05/01 12:04:22 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/05/01 12:04:22 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/05/01 12:04:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/05/01 12:04:22 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/05/01 12:04:22 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/05/01 12:04:22 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/05/01 12:04:22 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/05/01 12:04:22 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/05/01 12:04:22 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/05/01 12:04:22 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/05/01 12:04:22 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/05/01 12:04:22 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/05/01 12:04:22 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/05/01 12:04:22 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/05/01 12:04:22 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/05/01 12:04:22 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/05/01 12:04:21 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/05/01 12:04:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/05/01 12:04:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/05/01 12:04:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/05/01 12:04:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/05/01 12:04:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/05/01 12:04:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/05/01 12:04:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/05/01 12:04:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/05/01 12:04:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/05/01 12:04:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/05/01 12:04:21 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/05/01 12:04:21 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/05/01 12:04:20 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/05/01 12:04:19 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/05/01 12:04:19 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/05/01 12:04:19 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/05/01 12:04:19 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/05/01 12:04:18 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/05/01 12:04:18 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/05/01 12:04:18 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/05/01 12:04:17 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/05/01 12:04:17 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/05/01 12:04:15 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/05/01 12:04:15 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/05/01 12:04:15 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/05/01 12:04:15 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/05/01 12:04:15 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/05/01 12:04:15 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/05/01 12:04:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/05/01 12:04:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/05/01 12:04:15 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/05/01 12:04:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/05/01 12:04:15 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/05/01 12:04:04 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/05/01 11:49:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/01 11:49:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Wynn\Start Menu\Programs\Outlook Express.lnk
[2011/05/01 11:49:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Wynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/01 11:49:23 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Wynn\Start Menu\Programs\Internet Explorer.lnk
[2011/05/01 11:49:14 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Wynn\Start Menu\Programs\Remote Assistance.lnk
[2011/05/01 11:49:14 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Wynn\Start Menu\Programs\Windows Media Player.lnk
[2011/05/01 11:47:14 | 000,013,588 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/05/01 11:43:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/05/01 11:35:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/01 11:34:31 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/05/01 11:34:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/05/01 11:34:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/05/01 11:34:13 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/05/01 11:34:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/05/01 11:34:02 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/05/01 11:33:57 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/05/01 11:33:47 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/05/01 11:33:14 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/01 11:33:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/01 11:33:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/01 11:33:14 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/05/01 11:33:14 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/05/01 11:33:06 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/01 11:33:06 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/01 11:33:05 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/05/01 11:32:05 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/01 11:31:55 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/05/01 11:31:22 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/05/01 11:31:22 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/05/01 11:31:15 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/05/01 11:30:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/01 11:29:32 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/05/01 11:29:32 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/05/01 11:29:32 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/05/01 11:29:32 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/05/01 11:29:31 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/05/01 11:29:31 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/05/01 11:29:31 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/05/01 11:29:31 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/05/01 11:29:31 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/05/01 11:29:31 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/05/01 11:29:31 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/05/01 11:29:28 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/05/01 11:29:28 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/05/01 11:29:26 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/05/01 11:29:20 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/07/10 05:38:00 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2007/01/24 14:25:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 14:00:00 | 000,480,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 14:00:00 | 000,079,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/05/03 16:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/05 15:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/05/05 15:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/05/07 17:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/05/07 20:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wynn\Application Data\Friday's games
[2011/05/03 16:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wynn\Application Data\HTConsulting
[2011/05/03 10:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wynn\Application Data\Thunderbird
[2011/05/01 21:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wynn\Application Data\TreeCardGames
[2011/05/10 09:39:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 5/10/2011 9:54:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Wynn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 448.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 65.89 Gb Free Space | 84.34% Space Free | Partition Type: NTFS
Drive D: | 15.66 Mb Total Space | 7.97 Mb Free Space | 50.89% Space Free | Partition Type: NTFS
Drive E: | 115.53 Gb Total Space | 106.47 Gb Free Space | 92.16% Space Free | Partition Type: NTFS
Drive F: | 149.01 Mb Total Space | 142.51 Mb Free Space | 95.64% Space Free | Partition Type: NTFS
Drive G: | 39.06 Gb Total Space | 38.88 Gb Free Space | 99.54% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 255.91 Gb Free Space | 85.85% Space Free | Partition Type: NTFS

Computer Name: WYNNM | User Name: Wynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"am-straysoulsdollhousestory" = Stray Souls - Dollhouse Story
"Billionaire II_is1" = Billionaire II
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Spider_is1" = Free Spider 2009 v2.0
"Hauppauge WinTV NT4/Win2000 Drivers" = Hauppauge WinTV NT4/Win2000 Drivers
"Hauppauge WinTV PVR (Model 45xxx)" = Hauppauge WinTV PVR (Model 45xxx)
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SystemRequirementsLab" = System Requirements Lab
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2011 7:36:58 AM | Computer Name = WYNNM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/1/2011 7:54:24 AM | Computer Name = WYNNM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 5/3/2011 6:28:43 AM | Computer Name = WYNNM | Source = Application Hang | ID = 1002
Description = Hanging application GH-EchoesOfSorrow.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/4/2011 10:01:37 AM | Computer Name = WYNNM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19046, fault address 0x001f3a73.

Error - 5/5/2011 10:47:01 AM | Computer Name = WYNNM | Source = Application Hang | ID = 1002
Description = Hanging application EPSetup.exe, version 4.4.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2011 12:34:47 PM | Computer Name = WYNNM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
5, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 5/2/2011 5:28:48 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/4/2011 12:58:48 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 5/5/2011 4:26:53 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 5/5/2011 4:26:53 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/5/2011 4:26:53 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/5/2011 4:26:53 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 5/6/2011 6:07:39 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 5/6/2011 6:07:39 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 5/6/2011 6:07:39 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.

Error - 5/6/2011 6:07:39 AM | Computer Name = WYNNM | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.


< End of report >

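The Shell Spawning section of the Extras log above is what a responder reads first when a machine re-infects after a clean install: a hijacked exefile or batfile handler survives most scanners and re-launches a dropper every time any program starts. The script below is an added example written for this page (not part of OTL and not posted by anyone in the thread); it pulls that section out of an OTL Extras log, compares each class/verb handler against a table of stock Windows XP SP3 commands, and buckets the result. The XP_DEFAULTS table is this example's assumption of those defaults, the sample log is constructed from the lines posted above, and the hijacked variant is a constructed illustration, not something found on this machine.

```python
"""Triage the 'Shell Spawning' section of an OTL Extras log.

Example code added for this page; it is not part of OTL and was not
posted in the thread. It compares each class/verb handler OTL reports
against a stock Windows XP SP3 command for that handler (the table
below is this example's assumption of those defaults) and reports
anything that differs, so a file-association hijack stands out.
"""
import re

# Assumed stock Windows XP SP3 handlers for the classes OTL lists.
# Any class/verb not in this table is reported as 'unchecked', never as clean.
XP_DEFAULTS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
    ("scrfile", "install"): "rundll32.exe desk.cpl,InstallScreenSaver %l",
    ("cplfile", "cplopen"): 'rundll32.exe shell32.dll,Control_RunDLL "%1",%*',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")             # '========== Name =========='
HANDLER_RE = re.compile(r"^(\S+) \[(\S+)\] -- (.*)$")  # 'exefile [open] -- "%1" %*'
COMPANY_RE = re.compile(r"\s+\([^()]*\)$")             # OTL's trailing ' (Company Name)'


def section_lines(log_text, name):
    """Return the non-blank body lines of the OTL section called `name`,
    skipping the bracketed registry-path headers OTL prints inside it."""
    out, inside = [], False
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            inside = m.group(1) == name
            continue
        if inside and line.strip() and not line.startswith("["):
            out.append(line.rstrip())
    return out


def parse_shell_spawning(log_text):
    """Return (class, verb, command) for each handler line in the section."""
    handlers = []
    for line in section_lines(log_text, "Shell Spawning"):
        m = HANDLER_RE.match(line)
        if m:
            cls, verb, cmd = m.groups()
            handlers.append((cls, verb, COMPANY_RE.sub("", cmd)))
    return handlers


def triage(log_text):
    """Bucket every handler as ok / suspect / unreadable / unchecked.

    'Reg Error: Key error.' lines go to 'unreadable' rather than 'suspect':
    OTL prints that when it cannot read the key, so those entries are
    verified by hand instead of being treated as a hijack."""
    report = {"ok": [], "suspect": [], "unreadable": [], "unchecked": []}
    for cls, verb, cmd in parse_shell_spawning(log_text):
        key = (cls, verb)
        if cmd.startswith("Reg Error:"):
            report["unreadable"].append(key)
        elif key not in XP_DEFAULTS:
            report["unchecked"].append(key)
        elif cmd == XP_DEFAULTS[key]:
            report["ok"].append(key)
        else:
            report["suspect"].append((cls, verb, cmd, XP_DEFAULTS[key]))
    return report


# Constructed sample: the Shell Spawning section from the Extras log posted
# above, trimmed to a few lines, followed by the start of the next section.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
"""

# Constructed variant (hypothetical path): the exefile handler redirected
# through a dropped binary, the shape a file-association hijack takes here.
HIJACKED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "C:\\Documents and Settings\\user\\Local Settings'
    '\\Application Data\\xyz.exe" -a "%1" %*',
)

if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_LOG), ("constructed hijack", HIJACKED_LOG)):
        r = triage(text)
        print(label, "| suspect:", r["suspect"], "| unreadable:", r["unreadable"])
```

Run it against the whole Extras log rather than the trimmed sample; for the log posted above every handler the table covers matches the XP default, and only the regfile and txtfile entries come back as unreadable, which is the part a responder then checks by hand. A handler that lands in "suspect" is the finding that justifies an OTL fix line for that class, and the "unchecked" bucket is deliberately not treated as clean.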
#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

I see you have COMODO System-Cleaner installed. This application is undesirable, to say the least, and has the potential to mangle both the Registry and the Operating System as a whole. My advice is that you uninstall it, though that is at your own discretion. For myself, I would not use it on any of my machines.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Wynn\Start Menu\Programs\Startup\ClipGuru.lnk = File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan. <-- Select C, D, E, F, G & H to be scanned
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check(select) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

#3
Wynn_M

    Member

  • Topic Starter
  • Member
  • 36 posts
Hi Dakeyras
At last; it took time, but the instructions have been carried out and the results follow. External drive H: (USB, 300GB), containing previous backups, disappeared, as did the printer. That was before the new clean. Neither is recognised on boot-up. Results as follows:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr not found.
C:\WINDOWS\ALCMTR.EXE moved successfully.
C:\Documents and Settings\Wynn\Start Menu\Programs\Startup\ClipGuru.lnk moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\002558_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Wynn\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Wynn\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ALCMTR.EXE-235F9538.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\AM_DELTA.EXE-2F7A6F0C.pf moved successfully.
C:\WINDOWS\prefetch\AM_DELTA_PATCH3.EXE-3367F33D.pf moved successfully.
C:\WINDOWS\prefetch\BACKGW32.EXE-2C847156.pf moved successfully.
C:\WINDOWS\prefetch\BILLION.EXE-15B8155D.pf moved successfully.
C:\WINDOWS\prefetch\BLUESCREENVIEW.EXE-05D6E019.pf moved successfully.
C:\WINDOWS\prefetch\BLUESCREENVIEW.EXE-0B5E96A3.pf moved successfully.
C:\WINDOWS\prefetch\BLUESCREENVIEW.EXE-2E0BFE87.pf moved successfully.
C:\WINDOWS\prefetch\BLUESCREENVIEW_SETUP.EXE-19073113.pf moved successfully.
C:\WINDOWS\prefetch\CCLEANER.EXE-0BCE437C.pf moved successfully.
C:\WINDOWS\prefetch\CCSETUP306[1].EXE-1C9DA741.pf moved successfully.
C:\WINDOWS\prefetch\CLEANER_VALIDATOR.EXE-2718C46D.pf moved successfully.
C:\WINDOWS\prefetch\CLEANMGR.EXE-1F86EA8E.pf moved successfully.
C:\WINDOWS\prefetch\CLIPGURU.EXE-20E306C9.pf moved successfully.
C:\WINDOWS\prefetch\COMUPDATUS.EXE-293472AC.pf moved successfully.
C:\WINDOWS\prefetch\CSC.EXE-01730C27.pf moved successfully.
C:\WINDOWS\prefetch\CSC.EXE-0B7492CD.pf moved successfully.
C:\WINDOWS\prefetch\CSC_3.0.172695.53_XP_VISTA_SE-2F808049.pf moved successfully.
C:\WINDOWS\prefetch\CVTRES.EXE-2329DCD5.pf moved successfully.
C:\WINDOWS\prefetch\DAEMONU.EXE-0F10B80C.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DESKTOPWEATHER.EXE-1793B63A.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\DRIVERSHQ.DRIVERDETECTIVE.CLI-05DE9EFF.pf moved successfully.
C:\WINDOWS\prefetch\DX-ECDRW100_DRIVERS.EXE-282B0BFE.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\E_FAMTCAE.EXE-29C6D6C3.pf moved successfully.
C:\WINDOWS\prefetch\E_FARNCAE.EXE-11AC5941.pf moved successfully.
C:\WINDOWS\prefetch\E_FATICAE.EXE-203F5F2E.pf moved successfully.
C:\WINDOWS\prefetch\E_FBCSCAE.EXE-3AC077B9.pf moved successfully.
C:\WINDOWS\prefetch\E_S40RP7.EXE-07C9EE05.pf moved successfully.
C:\WINDOWS\prefetch\FREESPIDER.EXE-21F227C6.pf moved successfully.
C:\WINDOWS\prefetch\GAMEINSTALLER.EXE-075662E4.pf moved successfully.
C:\WINDOWS\prefetch\GH-STRAYSOULS.EXE-01706852.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-05F3EAED.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-0DCC203F.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_C8CBFED7-39E8F175.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-3B7CFD3E.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATEONDEMAND.EXE-3298D0AF.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf moved successfully.
C:\WINDOWS\prefetch\GRPCONV.EXE-111CD845.pf moved successfully.
C:\WINDOWS\prefetch\HCWP1UTL.EXE-160A20F0.pf moved successfully.
C:\WINDOWS\prefetch\HELPCTR.EXE-3862B6F5.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\HH.EXE-2D1A70B3.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\JAUCHECK.EXE-0CBF467B.pf moved successfully.
C:\WINDOWS\prefetch\JAVA.EXE-0C263507.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
C:\WINDOWS\prefetch\JAVAWS.EXE-021AC9A9.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0F4A509D.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MMC.EXE-1EF9AA05.pf moved successfully.
C:\WINDOWS\prefetch\MPCMDRUN.EXE-1F94F686.pf moved successfully.
C:\WINDOWS\prefetch\MPSIGSTUB.EXE-1D30D19B.pf moved successfully.
C:\WINDOWS\prefetch\MRT.EXE-1B4A8D49.pf moved successfully.
C:\WINDOWS\prefetch\MRTSTUB.EXE-396DD063.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
C:\WINDOWS\prefetch\MSIMN.EXE-38BA891D.pf moved successfully.
C:\WINDOWS\prefetch\MSOHTMED.EXE-1BD4AAD2.pf moved successfully.
C:\WINDOWS\prefetch\MSSECES.EXE-14257906.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-189578DA.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NS19F.TMP-0120837F.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\NWIZ.EXE-03B4F2CF.pf moved successfully.
C:\WINDOWS\prefetch\OSE.EXE-0F55A866.pf moved successfully.
C:\WINDOWS\prefetch\OSE.EXE-108AC98F.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-0C9F623F.pf moved successfully.
C:\WINDOWS\prefetch\PING.EXE-31216D26.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\prefetch\RTHDCPL.EXE-06918CFA.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1619A94E.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-185B3AEE.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1BC55A4F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1CF7AA4B.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-22D259DA.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-268BFF96.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2A94BB85.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2E5AF1D7.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3233D1D7.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-35A483DA.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-38E27342.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-415F88EC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4A60BFB6.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4CE05486.pf moved successfully.
C:\WINDOWS\prefetch\RUNONCE.EXE-2803F297.pf moved successfully.
C:\WINDOWS\prefetch\SDX4400_CX5500_4300_W2K_655ES-32A5A6AA.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-0509CE76.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-0F40F254.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-0F460AC8.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-18D3E2DA.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-392F8E11.pf moved successfully.
C:\WINDOWS\prefetch\SETUP_WM.EXE-3135CBD6.pf moved successfully.
C:\WINDOWS\prefetch\SNMP.EXE-0E0E1166.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\TOMI2.THEGATESOFFATE.EXE-30CEB8E6.pf moved successfully.
C:\WINDOWS\prefetch\U2AREMOVE.EXE-04C2090C.pf moved successfully.
C:\WINDOWS\prefetch\UNRAR.EXE-33500E55.pf moved successfully.
C:\WINDOWS\prefetch\UNREGMP2.EXE-07CACB61.pf moved successfully.
C:\WINDOWS\prefetch\UPDATER.EXE-2E96421F.pf moved successfully.
C:\WINDOWS\prefetch\USBDETECTOR.EXE-3258C29B.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\VEW.EXE-294B4B67.pf moved successfully.
C:\WINDOWS\prefetch\WHOCRASHED.EXE-2E7EEF42.pf moved successfully.
C:\WINDOWS\prefetch\WHOCRASHEDEX.EXE-22AEC271.pf moved successfully.
C:\WINDOWS\prefetch\WHOCRASHEDSETUP.EXE-2BDDC380.pf moved successfully.
C:\WINDOWS\prefetch\WHOCRASHEDSETUP.TMP-276DA3EC.pf moved successfully.
C:\WINDOWS\prefetch\WHOCRASHEDSETUP.TMP-2B4A03EC.pf moved successfully.
C:\WINDOWS\prefetch\WINDOWS-KB890830-V3.19.EXE-1B4CDE0E.pf moved successfully.
C:\WINDOWS\prefetch\WINWORD.EXE-37F6AE09.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEF9C.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEF9D.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA2.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA6.pf moved successfully.
C:\WINDOWS\prefetch\WMPSHARE.EXE-18505C79.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\prefetch\_INS5576._MP-30BEC56F.pf moved successfully.
C:\WINDOWS\prefetch\_ISDEL.EXE-0507C290.pf moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: UpdatusUser

User: Wynn
->Flash cache emptied: 626 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 164374 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Wynn
->Temp folder emptied: 20785729 bytes
->Temporary Internet Files folder emptied: 6429907 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 523489 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 44992355 bytes

Total Files Cleaned = 70.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05142011_124347

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Wynn\Local Settings\Temp\~DF1061.tmp not found!
File\Folder C:\Documents and Settings\Wynn\Local Settings\Temp\~DF1073.tmp not found!
File\Folder C:\Documents and Settings\Wynn\Local Settings\Temp\~DF10DA.tmp not found!
File\Folder C:\Documents and Settings\Wynn\Local Settings\Temp\~DF10E6.tmp not found!
File\Folder C:\Documents and Settings\Wynn\Local Settings\Temp\~DF1116.tmp not found!
File\Folder C:\Documents and Settings\Wynn\Local Settings\Temp\~DF1122.tmp not found!
C:\Documents and Settings\Wynn\Local Settings\Temporary Internet Files\Content.IE5\PA3KT93U\ads[1].htm moved successfully.
C:\Documents and Settings\Wynn\Local Settings\Temporary Internet Files\Content.IE5\NCRLO0M2\ads[1].htm moved successfully.
C:\Documents and Settings\Wynn\Local Settings\Temporary Internet Files\Content.IE5\NCRLO0M2\page__pid__2010230[1].htm moved successfully.
C:\Documents and Settings\Wynn\Local Settings\Temporary Internet Files\Content.IE5\LKJHXJPJ\ads[1].htm moved successfully.
C:\Documents and Settings\Wynn\Local Settings\Temporary Internet Files\Content.IE5\LKJHXJPJ\ads[2].htm moved successfully.
C:\Documents and Settings\Wynn\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_370.dat moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6576

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/14/2011 1:34:16 PM
mbam-log-2011-05-14 (13-33-46).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 197093
Time elapsed: 23 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\uninstalled\solsuite solitaire 2009 v9.9\patch\Patch.exe (RiskWare.Tool.CK) -> No action taken.
  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

You need to check for updates and run a scan again with Malwarebytes' Anti-Malware and remove what is flagged, specifically:-

e:\uninstalled\solsuite solitaire 2009 v9.9\patch\Patch.exe (RiskWare.Tool.CK)

The above has the ability to compromise a machine. When done, please post the new log for my review.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

CKScanner:

  • Please download CKScanner from here to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

  • 0

#5
Wynn_M

    Member

  • Topic Starter
  • Member
  • 36 posts
More logs:
Wynn_M


#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-05-14 17:14:34 CLOSE UDP 83.85.71.9 212.54.40.25 63883 53 - - - - - - - - -
2011-05-14 17:14:40 DROP TCP 88.221.216.58 83.85.71.9 80 1322 48 SA 1214759267 3860473689 5840 - - - RECEIVE
2011-05-14 17:15:01 OPEN UDP 83.85.71.9 212.54.40.25 59747 53 - - - - - - - - -
2011-05-14 17:15:06 OPEN UDP 83.85.71.9 212.54.40.25 59662 53 - - - - - - - - -
2011-05-14 17:15:28 DROP TCP 88.221.216.58 83.85.71.9 80 1322 48 SA 1214759267 3860473689 5840 - - - RECEIVE
2011-05-14 17:15:34 CLOSE UDP 83.85.71.9 212.54.40.25 55022 53 - - - - - - - - -
2011-05-14 17:15:42 CLOSE TCP 83.85.71.9 96.8.80.123 1310 80 - - - - - - - - -
2011-05-14 17:16:34 CLOSE UDP 83.85.71.9 212.54.40.25 59747 53 - - - - - - - - -
2011-05-14 17:16:34 CLOSE UDP 83.85.71.9 212.54.40.25 59662 53 - - - - - - - - -
2011-05-14 17:16:36 OPEN UDP 83.85.71.9 212.54.40.25 55687 53 - - - - - - - - -
2011-05-14 17:16:46 OPEN UDP 83.85.71.9 212.54.40.25 63884 53 - - - - - - - - -


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6576

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/14/2011 4:08:02 PM
mbam-log-2011-05-14 (16-08-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 197188
Time elapsed: 21 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
  • 0
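The firewall log pasted above follows the pfirewall.log layout, where the `#Fields:` line names the columns and `-` marks an empty one. As an added example (not from this thread, from Microsoft or from any tool named here), the Python below reads that header, summarises the DROP entries, spots the segment from 88.221.216.58:80 to local port 1322 that appears twice with identical sequence and ack numbers (a retransmission the firewall discarded both times), and separates inbound SYN-ACK drops, which are replies to connections the PC itself opened rather than inbound attacks. The function names are my own, and the sample is a subset of the posted log.

```python
"""Parse a Windows Firewall log (pfirewall.log format) and triage its DROP entries.

Added example for this thread, not code from any post or tool mentioned here.
It assumes only the format shown in the posted log: comment lines starting with
'#', a '#Fields:' header naming the columns, and '-' for an empty column.
"""
from collections import Counter

# Constructed sample: the header plus a handful of entries copied from the log
# posted in this thread (same column layout as pfirewall.log on Windows XP).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-05-14 17:14:34 CLOSE UDP 83.85.71.9 212.54.40.25 63883 53 - - - - - - - - -
2011-05-14 17:14:40 DROP TCP 88.221.216.58 83.85.71.9 80 1322 48 SA 1214759267 3860473689 5840 - - - RECEIVE
2011-05-14 17:15:01 OPEN UDP 83.85.71.9 212.54.40.25 59747 53 - - - - - - - - -
2011-05-14 17:15:28 DROP TCP 88.221.216.58 83.85.71.9 80 1322 48 SA 1214759267 3860473689 5840 - - - RECEIVE
2011-05-14 17:15:42 CLOSE TCP 83.85.71.9 96.8.80.123 1310 80 - - - - - - - - -
"""


def parse_firewall_log(text):
    """Return one dict per data line, keyed by the names in the '#Fields:' header.

    '-' placeholders become None so callers can test for absent values.
    """
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only the Fields header matters for parsing; other comments are metadata.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line appeared before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        records.append({name: (None if v == "-" else v) for name, v in zip(fields, values)})
    return records


def drop_summary(records):
    """Count DROP entries per (src-ip, src-port, dst-ip, dst-port, protocol, path)."""
    counts = Counter()
    for r in records:
        if r["action"] == "DROP":
            key = (r["src-ip"], r["src-port"], r["dst-ip"], r["dst-port"], r["protocol"], r["path"])
            counts[key] += 1
    return counts


def repeated_drops(records):
    """Dropped TCP segments seen more than once with identical sequence and ack numbers.

    Identical tcpsyn/tcpack values on separate lines mean the remote end retransmitted
    the same segment and the firewall discarded it each time.
    """
    seen = Counter()
    for r in records:
        if r["action"] == "DROP" and r["protocol"] == "TCP":
            seen[(r["src-ip"], r["src-port"], r["dst-ip"], r["dst-port"], r["tcpsyn"], r["tcpack"])] += 1
    return {key: n for key, n in seen.items() if n > 1}


def inbound_syn_ack_drops(records):
    """Inbound DROPs whose TCP flags are SYN-ACK ('SA').

    A SYN-ACK is a server's reply to a connection the local host opened; when it
    arrives after the firewall no longer tracks that connection it is dropped as
    unsolicited. Such entries are noise, not evidence of an inbound attack.
    """
    return [r for r in records
            if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["tcpflags"] == "SA"]


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    for key, n in drop_summary(recs).items():
        print(n, "x DROP", key)
    for key, n in repeated_drops(recs).items():
        print("retransmitted segment dropped", n, "times:", key)
```

Run as a script it prints the DROP summary; on the lines above it reports a single remote segment dropped twice, and every drop in the sample is an inbound SYN-ACK, which is why the log shows nothing that needs blocking.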

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I apologise for the delay, I have been experiencing intermittent ISP problems...

Scan With RKUnHooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
  • 0

#7
Wynn_M

    Member

  • Topic Starter
  • Member
  • 36 posts
Hello,
Here's the RK report you asked for. If you're not familiar with Trusteer Ltd Rapport, it's an extra security app that the Royal Bank of Scotland (RBS) insists on downloading for online bankers. It can be used for all sensitive sites at the discretion of the user and sits in the URL bar. It turns green when in use. It's not a problem. I'm still having the usual close-down OX problem and I can't use my printer or the external disk. I hope this little gadget will do the trick. Good luck. I haven't unhooked anything yet. Hope your ISP probs are resolved.

Wynn_M


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF64DC000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12505088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 270.61 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4112384 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 270.61 )
0xF2D6E000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4083712 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7442000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF644C000 C:\WINDOWS\system32\drivers\hcw88vid.sys 507904 bytes (Hauppauge Computer Works, Inc, WinTV Cx880 Video Capture Driver)
0xF2B64000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF627B000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF2C6F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7949000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD3FE000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB735D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7560000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7A41000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7415000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB6AEA000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF2BFA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF3153000 C:\WINDOWS\system32\drivers\hcw88tun.sys 163840 bytes (Hauppauge Computer Works, Inc., WinTV Cx880 Tuner Driver)
0xF63C9000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF2C47000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF2CFB000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xF2A9E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF2BD4000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
0xB73C6000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF2D4A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6405000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6429000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2C25000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74F8000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7530000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF73FB000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7518000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF2A5E000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF74CF000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF638A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB77CC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF63F1000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF64C8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2CC8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF74E6000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF754F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF62D9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF633A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF771F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF775F000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF764F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76FF000 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 61440 bytes (Trusteer Ltd., RapportEI)
0xF772F000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7C06000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF777F000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF75EF000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF774F000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF637A000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_26169.sys 53248 bytes (Trusteer Ltd., RapportCerberus)
0xF778F000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF770F000 C:\WINDOWS\system32\drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF75CF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF776F000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 49152 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF760F000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0xF75FF000 RapportKELL.sys 49152 bytes (Trusteer Ltd., RapportKE)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF636A000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF773F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75BF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF779F000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF781F000 C:\WINDOWS\system32\drivers\HCW88BAR.sys 40960 bytes (Hauppauge Computer Works, Inc., WinTV Cx880 Crossbar Driver)
0xF75AF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77FF000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75DF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76DF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB6F25000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF635A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF793F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF782F000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78A7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78AF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF790F000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E284078-DF1B-4AD6-8952-5EF497BC2D94}\MpKsl47cc3788.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF7897000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF792F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78CF000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7937000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7837000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78BF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78C7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78B7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7947000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7AA3000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB7DAE000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB70B5000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys 16384 bytes (Trusteer Ltd., RapportIaso)
0xF7A63000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79BF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF63C5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A4F000 C:\WINDOWS\System32\Drivers\hcw88rc5.sys 12288 bytes (Hauppauge Computer Works, Inc., RC5 Decoder Driver)
0xF7A7F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF2D46000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B3F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B47000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B3D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AAF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B41000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B0B000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B43000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7ABD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AB3000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7AB1000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C85000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BF4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CF1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B77000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9B8, Type: Inline - RelativeJump 0x804E29B8-->804E29AB [ntoskrnl.exe]
ntoskrnl.exe+0x000A4C56, Type: Inline - RelativeJump 0x8057BC56-->F7B790A8 [unknown_code_page]
ntoskrnl.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x8057BC5B-->8057BC5A [ntoskrnl.exe]
[360]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[360]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[360]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[360]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[360]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[360]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[360]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
  • 0
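The `>Hooks` section of the RkU report above has a regular shape: an optional `[pid]` for user-mode hooks, the hooked location joined with `-->`, the hook type with the patched address and its destination, and in square brackets the module RkU attributes that destination to. As an added example (not part of the thread and not RkU's code), the Python below parses those lines and does the first triage an analyst would: count hooks per owning module, separate kernel hooks from per-process ones, and pull out any jump into `unknown_code_page`, which is RkU's label for a destination it could not match to a loaded image and therefore the one class the module list alone cannot explain. Names are my own; the sample is a subset of the posted lines.

```python
"""Triage the '>Hooks' section of a Rootkit Unhooker (RkU) report.

Added example for this thread, not code from RkU or from any post. It assumes
only the line shapes visible in the report above: an optional '[pid]' prefix, a
'-->'-joined location, 'Type: <kind> 0xFROM-->TO' and the owning module in
square brackets. It does not judge the owner labels beyond separating
'unknown_code_page' (no known image at the destination) for review.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the hook lines posted in this thread.
SAMPLE_REPORT = """\
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9B8, Type: Inline - RelativeJump 0x804E29B8-->804E29AB [ntoskrnl.exe]
ntoskrnl.exe+0x000A4C56, Type: Inline - RelativeJump 0x8057BC56-->F7B790A8 [unknown_code_page]
ntoskrnl.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x8057BC5B-->8057BC5A [ntoskrnl.exe]
[360]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[360]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
"""

HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?"                              # optional process id (user-mode hooks)
    r"(?P<location>[^,]+), Type: "                         # hooked module/function chain
    r"(?P<kind>Inline - RelativeJump|IAT modification) "   # hook technique as RkU names it
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) "    # patched address --> destination
    r"\[(?P<owner>[^\]]+)\]$"                              # module owning the destination
)


@dataclass(frozen=True)
class Hook:
    pid: Optional[int]      # None for kernel (ntoskrnl.exe) hooks
    location: str           # hooked module/function chain as RkU prints it
    kind: str               # "Inline - RelativeJump" or "IAT modification"
    src: int                # patched address
    dst: int                # where execution is redirected (0 = IAT entry zeroed)
    owner: str              # module RkU attributes the destination to


def parse_hook_report(text):
    """Parse each non-empty line; raise on a line that does not match the report format."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised hook line: {line!r}")
        hooks.append(Hook(
            pid=int(m["pid"]) if m["pid"] else None,
            location=m["location"],
            kind=m["kind"],
            src=int(m["src"], 16),
            dst=int(m["dst"], 16),
            owner=m["owner"],
        ))
    return hooks


def hooks_by_owner(hooks):
    """How many hooks land in each owning module: the first question when reading a report."""
    return Counter(h.owner for h in hooks)


def kernel_hooks(hooks):
    """Hooks without a process id, i.e. patches to kernel code rather than to a user process."""
    return [h for h in hooks if h.pid is None]


def needs_review(hooks):
    """Hooks whose destination RkU could not attribute to any loaded image.

    Every other hook can be checked against the driver/module list in the same
    report; these cannot, so they go to the top of the analyst's queue.
    """
    return [h for h in hooks if h.owner == "unknown_code_page"]


if __name__ == "__main__":
    found = parse_hook_report(SAMPLE_REPORT)
    for owner, n in hooks_by_owner(found).most_common():
        print(f"{n:3d} hook(s) owned by {owner}")
    for h in needs_review(found):
        print(f"REVIEW: {h.location} -> 0x{h.dst:08X} ({h.kind})")
```

On the sample it reports three hooks owned by ntoskrnl.exe itself, two by shimeng.dll inside explorer.exe (PID 360), and one kernel inline jump to 0xF7B790A8 in unknown_code_page that is queued for review; the full report above carries the same single unknown destination.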

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks, and for the update also; let's proceed as follows, shall we...

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.


When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • ComboFix Log.

  • 0

#9
Wynn_M

    Member

  • Topic Starter
  • Member
  • 36 posts
Hi. That exercise broke out a sweat on my forehead. However, it appears that Combo has fixed the rootkit invader, so BINGO.
I tried to print out the Combo log but it only proved that the printer is not playing ball. Neither is the 300Gig external disk. Do you think maybe the bootup system is at fault? I've been wondering what you have learned from all the other appl. downloads/results/etc. Could I have some feedback on that, please? I have a list of chipset driver updates required according to Driver Detective but I'm hesitant to attempt the exercise. :)

Wynn_M

ComboFix 11-05-17.01 - Wynn 05/18/2011 11:50:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.584 [GMT 2:00]
Running from: c:\documents and settings\Wynn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-14 10:43 . 2011-05-14 10:43 -------- d-----w- C:\_OTL
2011-05-07 14:03 . 2011-05-13 17:33 -------- d-----w- C:\USBStorage
2011-05-07 10:03 . 2011-05-07 10:03 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2010-07-10 03:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-07-10 03:38 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-07-10 03:38 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-07-10 03:38 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-07-10 03:38 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2010-07-10 03:38 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2010-07-10 03:38 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2008-04-14 00:12 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-07 20:15 . 2011-04-07 20:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15 . 2011-04-07 20:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15 . 2011-04-07 20:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15 . 2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15 . 2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15 . 2011-04-07 20:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15 . 2011-04-07 20:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-01 05:37 . 2004-12-16 11:36 48128 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2011-03-11 14:10 . 2004-08-04 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"hcwPVRReset"="c:\progra~1\WinTV\hcwP1Utl.exe" [2001-06-21 45056]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
.
c:\documents and settings\Wynn\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-02-24 00:57 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-22 11:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-03 11:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [4/28/2011 2:34 PM 53816]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_26169.sys [4/28/2011 2:36 PM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/7/2011 12:05 PM 2218600]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/28/2011 2:34 PM 870200]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [1/24/2007 2:25 PM 11776]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1/24/2007 2:25 PM 149504]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1/24/2007 2:25 PM 498176]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1/24/2007 2:25 PM 23552]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [4/28/2011 2:36 PM 18872]
S1 MpKslc66c33b5;MpKslc66c33b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020CCB11-0BB3-42EF-A214-8684EA030A36}\MpKslc66c33b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020CCB11-0BB3-42EF-A214-8684EA030A36}\MpKslc66c33b5.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2011 1:12 PM 136176]
S3 203FC1B4;203FC1B4;c:\windows\system32\203FC1B4.exe --> c:\windows\system32\203FC1B4.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2011 1:12 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 2:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:12]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:12]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004Core.job
- c:\documents and settings\Wynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-02 15:41]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004UA.job
- c:\documents and settings\Wynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-02 15:41]
.
2011-05-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Alcmtr - ALCMTR.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 11:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-05-18 11:56:02
ComboFix-quarantined-files.txt 2011-05-18 09:56
.
Pre-Run: 72,751,661,056 bytes free
Post-Run: 72,709,873,664 bytes free
.
- - End Of File - - A284C998158C8C0B656812BC36C88BD6
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I tried to print out the Combo log but it only proved that the printer is not playing ball. Neither is the 300Gig external disk. Do you think maybe the Bootup system is at fault?

This I cannot fully ascertain until we have completed the Malware Removal process.

I've been wondering what you have learned from all the other appl. downloads/results/etc. Could I have some feedback on that please.

So far, though we have eradicated some Malware, nothing would really be the cause of your machine's problems in my experience. Though anything is possible; as I mentioned prior, let's await the outcome of our next course of action.

I have a list of chipset driver updates required according to Driver Detective but I'm hesitant to attempt the exercise.

This I would leave well alone until I give the all clear, lest it hinder the Malware Removal process. Being honest, it is not really my sphere of expertise, if you will, and you would probably be better off seeking further assistance from my respected colleague rshaffer61 in your original topic once we have finished here.

Custom ComboFix-Script:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Driver::
203FC1B4

File::
c:\windows\system32\203FC1B4.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[-HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

ReBoot::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: (image)
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: (image)
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: (image)
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log.
  • Eset Log.

  • 0
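The call made above, singling out 203FC1B4 (an eight-hex-digit service name whose image file ComboFix could not find) while leaving the Trusteer drivers and the transient MpKsl* Microsoft antimalware driver alone, can be scripted so it is applied consistently across logs. The Python below is an added example from the editor, not ComboFix's own logic and not code posted in this thread; the log text it reads is constructed in the shape of the "Drivers/Services" listing and firewall policy block above, and the heuristics (hex-digit names, the "[?]" marker, an allowlist for MpKsl* drivers under the Definition Updates folder) are assumptions a practitioner would tune, not ComboFix rules. It also reads the standard-profile EnableFirewall value, which this log reports as 0, a setting worth revisiting once the cleanup is finished.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample (assumption: shaped like the ComboFix "Drivers/Services"
# listing and firewall policy block in the thread, not copied from a real scan).
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [4/28/2011 2:34 PM 53816]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/7/2011 12:05 PM 2218600]
S1 MpKslc66c33b5;MpKslc66c33b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020CCB11-0BB3-42EF-A214-8684EA030A36}\MpKslc66c33b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020CCB11-0BB3-42EF-A214-8684EA030A36}\MpKslc66c33b5.sys [?]
S3 203FC1B4;203FC1B4;c:\windows\system32\203FC1B4.exe --> c:\windows\system32\203FC1B4.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 2:00 PM 14336]
"""

# "R0 name;display;path [meta]" / "S3 name;display;path --> resolved [?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
# Assumption: MpKsl + 8 hex digits under the Definition Updates folder is the
# transient Microsoft antimalware kernel driver; "[?]" is normal for it.
MPKSL_RE = re.compile(r"^MpKsl[0-9A-Fa-f]{8}$")
MPKSL_DIR = "\\microsoft antimalware\\definition updates\\"


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_service(line: str) -> Optional[dict]:
    """Split one R*/S* line into name, display name, resolved image path and
    whether ComboFix marked the image as unreadable ("[?]")."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if " [" not in rest or not rest.endswith("]"):
        return None
    path_part, meta = rest.rsplit(" [", 1)
    # "registered --> resolved": keep the path ComboFix actually looked for
    path = path_part.split(" --> ")[-1].strip()
    return {"name": m.group("name"), "display": m.group("display"),
            "path": path, "missing": meta[:-1] == "?"}


def is_expected_transient(svc: dict) -> bool:
    return bool(MPKSL_RE.match(svc["name"])) and MPKSL_DIR in svc["path"].lower()


def triage(log_text: str) -> dict:
    """Return the standard-profile firewall flag and the service entries
    that deserve a second look, each with the reasons it was flagged."""
    section = ""
    firewall_enabled: Optional[bool] = None
    suspicious: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # registry section header
            continue
        fw = re.match(r'^"EnableFirewall"=\s*(\d)', line)
        if fw and section.endswith("\\firewallpolicy\\standardprofile]"):
            firewall_enabled = fw.group(1) == "1"
            continue
        svc = parse_service(line)
        if svc is None or is_expected_transient(svc):
            continue
        reasons = []
        if HEX_NAME_RE.match(svc["name"]):
            reasons.append("service name is eight random-looking hex digits")
        if svc["missing"]:
            reasons.append("ComboFix could not read the image file ([?])")
        if reasons:
            suspicious.append(Finding(svc["name"], svc["path"], reasons))
    return {"firewall_enabled": firewall_enabled, "suspicious": suspicious}


def build_cfscript(findings: List[Finding]) -> str:
    """Render Driver::/File:: sections in CFScript form for analyst review."""
    drivers = "\n".join(f.name for f in findings)
    files = "\n".join(f.path for f in findings)
    return f"Driver::\n{drivers}\n\nFile::\n{files}\n\nReBoot::\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("standard-profile firewall enabled:", result["firewall_enabled"])
    for f in result["suspicious"]:
        print(f"{f.name} -> {f.path}: " + "; ".join(f.reasons))
    print(build_cfscript(result["suspicious"]))
```

Treat the generated Driver::/File:: text as a draft to review, not something to drag onto ComboFix unread: a "[?]" hit on its own can also be a stale registration left behind by an uninstaller, which is why the reasons are printed beside each name and why the transient-driver allowlist exists.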



#11
Wynn_M

Wynn_M

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
In spite of ESET finding 5 threats - and well after the scan was done/finished - I went out during the scan but the OX fault still appeared when I rebooted on return home. I did not delete any threats.

LOGS

ComboFix 11-05-18.01 - Wynn 05/19/2011 10:18:15.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.585 [GMT 2:00]
Running from: c:\documents and settings\Wynn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wynn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\203FC1B4.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_203FC1B4
-------\Service_203FC1B4
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-14 10:43 . 2011-05-14 10:43 -------- d-----w- C:\_OTL
2011-05-07 14:03 . 2011-05-13 17:33 -------- d-----w- C:\USBStorage
2011-05-07 10:03 . 2011-05-07 10:03 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 08:25 . 2011-05-19 08:25 97514 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-08 05:14 . 2010-07-10 03:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-07-10 03:38 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-07-10 03:38 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-07-10 03:38 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-07-10 03:38 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2010-07-10 03:38 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2010-07-10 03:38 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2008-04-14 00:12 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-07 20:15 . 2011-04-07 20:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15 . 2011-04-07 20:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15 . 2011-04-07 20:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15 . 2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15 . 2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15 . 2011-04-07 20:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15 . 2011-04-07 20:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-01 05:37 . 2004-12-16 11:36 48128 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2011-03-11 14:10 . 2004-08-04 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_09.54.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 08:24 . 2011-05-19 08:24 16384 c:\windows\Temp\Perflib_Perfdata_b80.dat
+ 2011-05-19 08:17 . 2011-05-19 08:17 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2011-05-19 08:24 . 2011-05-19 08:24 16384 c:\windows\Temp\Perflib_Perfdata_3ac.dat
+ 2011-05-19 08:24 . 2011-05-19 08:24 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2004-08-04 12:00 . 2011-05-19 08:25 79540 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-05-19 08:25 481528 c:\windows\system32\perfh009.dat
+ 2011-05-19 07:47 . 2011-05-19 07:47 217088 c:\windows\ERDNT\AutoBackup\5-19-2011\Users\00000002\UsrClass.dat
+ 2011-05-19 07:47 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\5-19-2011\ERDNT.EXE
+ 2011-05-19 07:47 . 2011-05-19 07:47 2220032 c:\windows\ERDNT\AutoBackup\5-19-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"hcwPVRReset"="c:\progra~1\WinTV\hcwP1Utl.exe" [2001-06-21 45056]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
.
c:\documents and settings\Wynn\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [4/28/2011 2:34 PM 53816]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_26169.sys [4/28/2011 2:36 PM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/7/2011 12:05 PM 2218600]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/28/2011 2:34 PM 870200]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [1/24/2007 2:25 PM 11776]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1/24/2007 2:25 PM 149504]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1/24/2007 2:25 PM 498176]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1/24/2007 2:25 PM 23552]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [4/28/2011 2:36 PM 18872]
S1 MpKslc66c33b5;MpKslc66c33b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020CCB11-0BB3-42EF-A214-8684EA030A36}\MpKslc66c33b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020CCB11-0BB3-42EF-A214-8684EA030A36}\MpKslc66c33b5.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2011 1:12 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/3/2011 1:12 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 2:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:12]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 11:12]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004Core.job
- c:\documents and settings\Wynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-02 15:41]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-839522115-1004UA.job
- c:\documents and settings\Wynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-02 15:41]
.
2011-05-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 10:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-19 10:26:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-19 08:26
ComboFix2.txt 2011-05-18 09:56
.
Pre-Run: 72,810,491,904 bytes free
Post-Run: 72,762,556,416 bytes free
.
- - End Of File - - 78C9A6EFE50D3F87FBD07321292BB35B



C:\Program Files\RealArcadeOld\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
C:\System Volume Information\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\RP39\A0007172.exe Win32/OpenCandy application
C:\System Volume Information\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\RP39\A0007173.exe Win32/OpenCandy application
C:\System Volume Information\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\RP39\A0007174.exe Win32/OpenCandy application
C:\System Volume Information\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\RP55\A0009201.dll Win32/OpenCandy application
  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

In spite of ESET finding 5 threats - and well after the scan was done/finished - I went out during the scan but the OX fault still appeared when I rebooted on return home. I did not delete any threats.

One of the infections flagged we will remove; it is actually adware related and probably came bundled with RealArcade. The others are infected System Restore Points, which will be flushed when we uninstall ComboFix. As it stands they are not a threat at this point in time unless we need to use a System Restore Point, and even an infected one can be useful if the need actually

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
C:\Program Files\RealArcadeOld\Installer\bin\OCSetupHlp.dll

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

System File Check:

Close all open applications/windows etc.

  • Click on Start >> Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.
Note: This will take some time. Also you may be prompted to place your XP installation CD-ROM in the CD-Drive if required.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • checkhd.txt.

  • 0
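The split made above, between a live file that gets an OTL :Files entry and copies sitting inside System Volume Information restore points that the restore-point flush will clear, is a rule worth encoding so it is applied the same way on every scan. The Python below is an added example from the editor, not ESET's or OTL's code and not from this thread; its input is a constructed log in the tab-separated shape of ESET's log.txt (the paths echo the ones reported in the thread plus one made-up Temp file), and the restore-point path pattern and the line format are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample (assumption: ESET Online Scanner log.txt lines are
# "path<TAB>detection<TAB>action"). Four paths echo the thread; the last one
# is made up for the example.
SAMPLE_ESET_LOG = (
    "C:\\Program Files\\RealArcadeOld\\Installer\\bin\\OCSetupHlp.dll\tWin32/OpenCandy application\t\n"
    "C:\\System Volume Information\\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\\RP39\\A0007172.exe\tWin32/OpenCandy application\t\n"
    "C:\\System Volume Information\\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\\RP39\\A0007173.exe\tWin32/OpenCandy application\t\n"
    "C:\\System Volume Information\\_restore{3CA5B429-CA54-4240-A875-CC18D8520ACE}\\RP55\\A0009201.dll\tWin32/OpenCandy application\t\n"
    "C:\\Documents and Settings\\User\\Local Settings\\Temp\\RealArcadeSetup.tmp\tWin32/OpenCandy application\t\n"
)

# Path first, then an ESET-style "Family/Name [class]" detection, then an
# optional action column. Tabs and runs of spaces are both accepted.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: (?:application|trojan|virus|worm))?)"
    r"\s*(?P<action>.*)$"
)
# Assumption: anything under <drive>:\System Volume Information\_restore{GUID}\RPnn\
# is a dormant restore-point copy, not an executing file.
RESTORE_POINT_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    dormant: bool


def parse_eset_log(text: str) -> List[Detection]:
    """Turn log lines into Detection records; lines that do not parse are skipped."""
    out: List[Detection] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        out.append(Detection(path, m.group("threat"), m.group("action").strip(),
                             bool(RESTORE_POINT_RE.match(path))))
    return out


def split_live_dormant(dets: List[Detection]) -> Tuple[List[Detection], List[Detection]]:
    """Live files need a removal entry; dormant copies wait for the restore-point flush."""
    live = [d for d in dets if not d.dormant]
    dormant = [d for d in dets if d.dormant]
    return live, dormant


def build_otl_fix(live: List[Detection]) -> str:
    """Render an OTL custom fix: a :Files section for the live hits only, then
    the same :Commands block used in the thread."""
    lines = [":Files"] + [d.path for d in live]
    lines += ["", ":Commands", "[EmptyTemp]", "[CreateRestorePoint]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    live, dormant = split_live_dormant(parse_eset_log(SAMPLE_ESET_LOG))
    print(f"{len(live)} live, {len(dormant)} dormant (restore-point copies)")
    print(build_otl_fix(live))
```

The dormant list is still worth keeping in the notes: if a restore point is ever used before the flush, those copies come back to life, which is exactly the caveat in the reply above.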

#13
Wynn_M

Wynn_M

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hello Dakeyras,

Did a reboot after it was all over - OX still appearing. Not sure that anything has changed really. Happy to get rid of the bugs though - or have I?


All processes killed
========== FILES ==========
C:\Program Files\RealArcadeOld\Installer\bin\OCSetupHlp.dll moved successfully.
File\Folder [EmptyTemp] not found.
File\Folder [CreateRestorePoint] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_111702

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

81923435 KB total disk space.
11463316 KB in 48347 files.
13328 KB in 4043 indexes.
0 KB in bad sectors.
126007 KB in use by the system.
65536 KB occupied by the log file.
70320784 KB available on disk.

4096 bytes in each allocation unit.
20480858 total allocation units on disk.
17580196 allocation units available on disk.
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Did a reboot after it was all over - OX still appearing. Not sure that anything has changed really. Happy to get rid of the bugs though - or have I?

OK, actually Malware no longer appears to be an issue and not the overall cause. Carry out the below for me (it needs to be done anyway according to the checkhd log). Then let me know if it is still the same problem afterwards, thank you.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
Next:

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An analysis report will be displayed and then Windows will start the defragmentation run automatically.
  • This may take some time; when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the POST (power-on self-test) screen:

(image)

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.
  • 0

#15
Wynn_M

Wynn_M

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hello Dakeyras, The CHKDSK came up clean and the DEFRAG was all over in 15 seconds. Nothing of note there to report. PC closing down/booting up much quicker but, sorry, OX prevails.

The PC is booting up into Windows XP Home Edition just now. Don't know how that happened except I may have unwittingly changed the bootup sequence when initially trying to find the default Master sequence - CDROM: PM-Pioneer DVD-ROM ATAPIM which is the default for this PC. Secondary is CDROM; PS PHILLIPS DVDR1640P. However, although I found the sequence via F8 and chose the correct one it stubbornly boots into WinXP Home Edition with choice 2 of restoration.

So I'll let it lie just now as I'm sure you will gladly transfer this headache to one of your appropriate mates. It has been a headache hasn't it but you have been very patient with me (I think!) whereas I've been rather impatient with this darned machine. Actually dreaming about new machine and Windows 7 but the cash isn't available just yet.

Looking forward to my next task :)

Wynn
  • 0





