wuauclt


Post by mikewelter on Thu Jun 24, 2010 12:28 am

wuauclt.exe problem... I am unable to run any explorer browser to download. I am in safe mode scanning with malware and Windows Defender. I need help, please.


Re: wuauclt

Post by Dr Jay on Thu Jun 24, 2010 3:02 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: wuauclt

Post by mikewelter on Thu Jun 24, 2010 3:16 am

Dragon Master Jay, you realize that I am unable to access the internet with the infected computer. Can I load this on an 8 gig flash drive, and could you tell me how?


Re: wuauclt

Post by Dr Jay on Thu Jun 24, 2010 3:18 am

Download ComboFix, and move it to the flash drive.

Then, place the flash drive into the infected computer, and transfer ComboFix.exe to your Desktop.

Double-click on ComboFix.exe to run it.


Dr. Jay (DJ)



Re: wuauclt

Post by mikewelter on Thu Jun 24, 2010 3:29 am

thanks


Re: wuauclt

Post by mikewelter on Thu Jun 24, 2010 3:33 am

This machine does not have the Microsoft Windows Recovery Console installed.
Without it, ComboFix shall not attempt the fixing of some serious infections.
Click Yes to have ComboFix download/install it.
Note: this requires an active internet connection.
Master Jay, I do not have an internet connection on this computer. What do I do next?


Re: wuauclt

Post by mikewelter on Thu Jun 24, 2010 4:29 am

ComboFix 10-06-23.02 - A24K 06/23/2010 23:10:54.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.767 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\A24K\g2mdlhlpx.exe
c:\documents and settings\A24K\Local Settings\Application Data\asam.exe
c:\documents and settings\A24K\Local Settings\Application Data\ridnolpew\waeatdotssd.exe
c:\windows\system32\CONFIG.exe
c:\windows\system32\ygvjflrn.ini

.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-24 01:19 . 2010-06-24 01:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-24 01:16 . 2010-06-24 01:16 -------- d-----w- C:\72b07cfaba36907985e7c0
2010-06-23 22:18 . 2010-06-23 22:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-23 20:08 . 2010-06-23 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-09 17:24 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-26 20:34 . 2010-05-26 20:34 -------- d-----w- c:\program files\Glance25

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 01:19 . 2008-01-31 19:49 -------- d-----w- c:\program files\WorksitePro
2010-06-24 01:16 . 2007-10-03 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 22:13 . 2008-08-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Credant
2010-06-04 14:12 . 2008-12-06 21:11 256 ----a-w- c:\windows\system32\pool.bin
2010-05-22 01:05 . 2008-04-15 08:33 -------- d-----w- c:\program files\AClient
2010-05-21 19:14 . 2009-10-02 23:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 20:42 . 2010-05-19 20:42 249856 ------w- c:\windows\Setup1.exe
2010-05-19 20:42 . 2010-05-19 20:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-12 18:34 . 2010-05-11 20:49 -------- d-----w- c:\program files\AVS4YOU
2010-05-12 18:33 . 2010-05-11 20:49 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-11 20:54 . 2010-05-11 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-06 10:41 . 2007-10-03 09:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2007-10-03 09:10 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-26 01:36 . 2009-04-21 17:00 -------- d-----w- c:\program files\Citrix
2010-04-26 01:32 . 2009-09-29 22:19 -------- d-----w- c:\program files\Coupons
2010-04-26 01:28 . 2010-04-26 01:28 -------- d-----w- c:\program files\Freeze.com
2010-04-26 01:27 . 2010-04-26 01:27 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-04-20 05:30 . 2007-10-03 09:06 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 21:41 . 2010-04-14 21:41 6053 ----a-w- c:\windows\Prefetch\PROPERTYCASUALTY_CD1[1].EXE-35BFFE62.zip
2010-03-31 05:16 . 2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-08-29 14:33 . 2008-08-29 14:33 143360 --sha-r- c:\windows\IdleProc.exe
2008-08-29 14:33 . 2008-08-29 14:33 200704 --sha-r- c:\windows\MsCae32.dll
.

------- Sigcheck -------

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-01-19 20:08 361592 ----a-w- c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\A24K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]
"RCUI"="c:\progra~1\RINGCE~1\RINGCE~1\RCUI.exe" [2009-02-11 479232]
"RCHotKey"="c:\progra~1\RINGCE~1\RINGCE~1\RCHotKey.exe" [2009-05-04 32768]
"Mikogo"="c:\documents and settings\A24K\Application Data\Mikogo\Mikogo-Host.exe" [2009-10-29 2748416]
"cdloader"="c:\documents and settings\A24K\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aflac_Do_Not_Remove"="c:\aflac2000\WSPInfo.exe" [2006-09-12 45056]
"B'sCLiP"="c:\progra~1\B'SCLI~1\Win2K\BSCLIP.exe" [2007-09-12 753664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-12 162584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-12 138008]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\iFrmewrk.exe" [2007-07-25 974848]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2007-08-23 976264]
"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2007-08-09 91528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-12 138008]
"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592]
"setfan"="c:\program files\Panasonic\setfan\setfan.exe" [2007-08-09 443784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WSPPurge"="c:\program files\Aflac\Common\WSPPurge.exe" [2007-12-26 20480]
"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2007-08-24 734600]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2008-04-29 210224]
"EmsService"="EmsServiceHelper.exe" [2008-04-29 492848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AL-1000 Status Monitor.lnk - c:\program files\AL-1000\engss.exe [2010-3-5 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Documents and Settings\\A24K\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5060:UDP"= 5060:UDP:magicjack
"5070:UDP"= 5070:UDP:magicjack
"443:TCP"= 443:TCP:magicjack

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [10/3/2007 8:29 PM 17192]
R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [4/29/2008 3:05 PM 195128]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [4/29/2008 3:05 PM 89656]
R1 SafDskNT;SafDskNT;c:\windows\system32\drivers\SafDskNT.sys [8/29/2008 9:33 AM 77824]
R2 BsUDF;BsUDF;c:\windows\system32\drivers\BsUDF.sys [10/3/2007 8:29 PM 195616]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/3/2007 4:16 AM 36352]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [10/3/2007 4:15 AM 42624]
S2 CMGShield;CMG Shield;c:\windows\system32\CmgShieldSvc.exe [4/29/2008 3:01 PM 1103152]
S2 EMS;EMS;c:\windows\system32\EmsService.exe [4/29/2008 3:00 PM 644400]
S2 ETMService;Intel(R) Extended Thermal Model Service Application;c:\windows\system32\etmservice.exe [10/3/2007 11:48 AM 217088]
S2 MsChkSvc;MsChkSvc;c:\windows\system32\Mschksvc.exe [8/29/2008 9:33 AM 32768]
S2 MsWnetChk;MsWnetChk;c:\windows\system32\mswnetchk.exe [8/29/2008 9:33 AM 122880]
S2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\OPDOFF\opdoffsv.exe [10/3/2007 8:00 PM 206480]
S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [10/3/2007 1:27 PM 54664]
S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [10/3/2007 1:27 PM 185736]
S2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [10/3/2007 1:01 PM 13704]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S3 B-Service;B-Service;c:\documents and settings\A24K\Application Data\Mikogo\B-Service.exe [10/29/2009 1:38 PM 185640]
S3 CmgShieldNP;CmgShieldNP;c:\windows\system32\CmgShieldNP.dll [4/29/2008 3:04 PM 156976]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [3/4/2008 6:30 PM 34128]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2009 2:04 PM 101936]
S3 Etm;Etm;c:\windows\system32\drivers\EtmDrvMgr.sys [10/3/2007 11:48 AM 40448]
S3 EtmCpu;EtmCpu;c:\windows\system32\drivers\EtmDevCpu.sys [10/3/2007 11:48 AM 19712]
S3 EtmFan;EtmFan;c:\windows\system32\drivers\EtmDevFan.sys [10/3/2007 11:48 AM 9600]
S3 EtmGmchMem;EtmGmchMem;c:\windows\system32\drivers\EtmDevGmch.sys [10/3/2007 11:48 AM 36480]
S3 EtmTempSense;EtmTempSense;c:\windows\system32\drivers\EtmTempSense.sys [10/3/2007 11:48 AM 12288]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
*NewlyCreated* - PXHELP20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258322132-2918892608-2119487751-1007Core.job
- c:\documents and settings\A24K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 02:15]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258322132-2918892608-2119487751-1007UA.job
- c:\documents and settings\A24K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 02:15]

2010-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: avacast.com\kaplan1
Trusted Zone: kfeducation.com\www
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-vqwgfatr - c:\documents and settings\A24K\Local Settings\Application Data\ridnolpew\waeatdotssd.exe
HKCU-Run-asam - c:\documents and settings\A24K\Local Settings\Application Data\asam.exe
HKLM-Run-vqwgfatr - c:\documents and settings\A24K\Local Settings\Application Data\ridnolpew\waeatdotssd.exe
HKLM-Run-asam - c:\documents and settings\A24K\Local Settings\Application Data\asam.exe
AddRemove-All Products - c:\worldins\DeIsL6.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-23 23:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\A24K\LOCALS~1\Temp\CredDB.CEF 186054 bytes
C:\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\magicJackOutlookAddIn\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Adobe\Flash Player\AssetCache\KP53GX35\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Macromedia\Shockwave Player\Prefs\Y5K98FFN\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\CredDB.CEF 12986 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Excel\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Internet Explorer\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Office\CredDB.CEF 592 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Office\Recent\CredDB.CEF 24394 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Outlook\CredDB.CEF 1480 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Signatures\CredDB.CEF 8936 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Templates\CredDB.CEF 2368 bytes
c:\documents and settings\A24K\Application Data\Microsoft\Word\CredDB.CEF 668 bytes
c:\documents and settings\A24K\Application Data\Mozilla\Firefox\Profiles\6rq6yvvb.default\CredDB.CEF 592 bytes
c:\documents and settings\A24K\Application Data\Research In Motion\BlackBerry\Intellisync\3055D6E9.CFG\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Research In Motion\BlackBerry\Intellisync\Device.CFG\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\SecondLife\browser_profile\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\SecondLife\donaldtramp_swashbuckler\CredDB.CEF 296 bytes
c:\documents and settings\A24K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\CredDB.CEF 5028 bytes

scan completed successfully
hidden files: 22

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,66,cb,e6,2a,2f,f0,45,8c,80,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,66,cb,e6,2a,2f,f0,45,8c,80,a8,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMGShieldReg\CredProt*]
"KeyValidation"=dword:67fb81dd
"LastKeyUpdate"="11/13/2009:19:45"
"PCP"=dword:00000001
.
Completion time: 2010-06-23 23:17:36
ComboFix-quarantined-files.txt 2010-06-24 04:17

Pre-Run: 49,249,320,960 bytes free
Post-Run: 50,887,901,184 bytes free

- - End Of File - - C5628F8DC6A94DE2B32AB5A0834A4736


Re: wuauclt

Post by Dr Jay on Thu Jun 24, 2010 7:29 pm

Check for proxy server

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button.
  • Under the Proxy Server section, please make sure the checkbox labeled Use a proxy server for your LAN is unchecked. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen.


]========================[

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Download the CFScript from the attachment below. Save it to your Desktop.
  • Drag the downloaded CFScript.txt into ComboFix.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: wuauclt

Post by mikewelter on Thu Jun 24, 2010 11:08 pm

Ran super anti virus spyware; it found 480 items, rebooted, and now can only get screen background when it starts up. Go ahead and call me a dumbass. Need help; won't run any fixes until you answer. Here is the second ComboFix file after the spyware disaster.

ComboFix 10-06-23.02 - A24K 06/24/2010 16:41:38.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.792 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.

2010-06-24 19:27 . 2010-06-24 19:29 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-06-24 18:39 . 2010-06-24 18:39 -------- d-----w- C:\$AVG
2010-06-24 18:16 . 2010-06-24 18:16 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-06-24 18:11 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-24 18:11 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-24 18:11 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-06-24 18:11 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-24 18:11 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-24 18:11 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-06-24 18:06 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-24 18:05 . 2010-03-29 15:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-24 18:05 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-24 18:05 . 2010-04-08 19:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-24 18:04 . 2010-06-24 18:11 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-24 18:04 . 2010-06-24 21:13 -------- d-----w- c:\program files\Spyware Doctor
2010-06-24 18:04 . 2010-06-24 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-24 18:03 . 2010-06-24 21:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-24 17:07 . 2010-06-24 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-24 17:07 . 2010-06-24 17:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-24 17:05 . 2010-06-24 17:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-24 17:05 . 2010-06-24 17:05 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-24 17:04 . 2010-06-24 17:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-24 17:04 . 2010-06-24 17:04 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-24 17:04 . 2010-06-24 21:38 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-24 16:59 . 2010-06-24 16:59 -------- d-----w- c:\program files\AVG
2010-06-24 16:59 . 2010-06-24 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-24 01:19 . 2010-06-24 01:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-24 01:16 . 2010-06-24 01:16 -------- d-----w- C:\72b07cfaba36907985e7c0
2010-06-23 22:18 . 2010-06-23 22:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-23 20:08 . 2010-06-23 20:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-09 17:24 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-26 20:34 . 2010-05-26 20:34 -------- d-----w- c:\program files\Glance25

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 16:56 . 2008-08-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Credant
2010-06-24 16:46 . 2008-12-21 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-24 16:44 . 2008-01-31 19:49 -------- d-----w- c:\program files\WorksitePro
2010-06-24 01:16 . 2007-10-03 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-04 14:12 . 2008-12-06 21:11 256 ----a-w- c:\windows\system32\pool.bin
2010-05-22 01:05 . 2008-04-15 08:33 -------- d-----w- c:\program files\AClient
2010-05-21 19:14 . 2009-10-02 23:29 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 20:42 . 2010-05-19 20:42 249856 ------w- c:\windows\Setup1.exe
2010-05-19 20:42 . 2010-05-19 20:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-12 18:34 . 2010-05-11 20:49 -------- d-----w- c:\program files\AVS4YOU
2010-05-12 18:33 . 2010-05-11 20:49 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-11 20:54 . 2010-05-11 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-06 10:41 . 2007-10-03 09:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2007-10-03 09:10 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2008-12-21 19:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2008-12-21 19:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 01:36 . 2009-04-21 17:00 -------- d-----w- c:\program files\Citrix
2010-04-26 01:32 . 2009-09-29 22:19 -------- d-----w- c:\program files\Coupons
2010-04-26 01:28 . 2010-04-26 01:28 -------- d-----w- c:\program files\Freeze.com
2010-04-26 01:27 . 2010-04-26 01:27 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-04-20 05:30 . 2007-10-03 09:06 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 21:41 . 2010-04-14 21:41 6053 ----a-w- c:\windows\Prefetch\PROPERTYCASUALTY_CD1[1].EXE-35BFFE62.zip
2010-03-31 05:16 . 2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-08-29 14:33 . 2008-08-29 14:33 143360 --sha-r- c:\windows\IdleProc.exe
2008-08-29 14:33 . 2008-08-29 14:33 200704 --sha-r- c:\windows\MsCae32.dll
.

------- Sigcheck -------

[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe

c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-06-24 18:00 . 2010-06-24 19:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012010062420100625\index.dat
+ 2007-10-03 16:45 . 2010-06-24 21:30 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-24 17:15 . 2010-06-24 21:13 37888 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{23A54EE6-7FB4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:13 . 2010-06-24 20:17 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FC47E8D2-7FCC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:49 . 2010-06-24 20:53 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EFEE970D-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:47 . 2010-06-24 18:51 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EFD56AD8-7FC0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:27 . 2010-06-24 20:31 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EE2F4010-7FCE-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 21:03 . 2010-06-24 21:07 16896 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DE12B842-7FD3-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:44 . 2010-06-24 19:48 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D7C8AC68-7FC8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:41 . 2010-06-24 20:45 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D6E7C8A7-7FD0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:00 . 2010-06-24 19:05 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CD92FEF1-7FC2-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:57 . 2010-06-24 20:00 19968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C67E3D13-7FCA-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:36 . 2010-06-24 19:39 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C4218ADA-7FC7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:10 . 2010-06-24 18:15 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C0B55389-7FBB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:24 . 2010-06-24 18:28 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BCC5D053-7FBD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:38 . 2010-06-24 18:42 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BC309BAD-7FBF-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:13 . 2010-06-24 19:18 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A2AC0CCA-7FC4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:54 . 2010-06-24 20:57 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9CD29D7B-7FD2-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:52 . 2010-06-24 18:56 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{971964E7-7FC1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 21:07 . 2010-06-24 21:12 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8A7F8915-7FD4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:32 . 2010-06-24 20:36 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8A0A9974-7FCF-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:17 . 2010-06-24 20:22 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{88495FDD-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:01 . 2010-06-24 18:05 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E571E8D-7FBA-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:05 . 2010-06-24 19:09 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E3576AE-7FC3-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:48 . 2010-06-24 19:52 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{71204AE0-7FC9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:15 . 2010-06-24 18:19 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6BA70E77-7FBC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:29 . 2010-06-24 18:33 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6491B06D-7FBE-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:23 . 2010-06-24 20:27 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{48534915-7FCE-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:42 . 2010-06-24 18:47 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{36DF7CCE-7FC0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:58 . 2010-06-24 21:02 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{32A5030B-7FD3-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:36 . 2010-06-24 20:40 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2EDB890F-7FD0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:53 . 2010-06-24 19:57 12800 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{184ECFC7-7FCA-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:19 . 2010-06-24 18:24 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{17DF6B8E-7FBD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 01:18 . 2010-06-24 18:00 17822 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat
+ 2010-06-23 22:52 . 2010-06-24 21:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2010-06-23 22:52 . 2010-06-24 04:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2010-06-24 01:19 . 2010-06-24 01:19 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-06-24 01:19 . 2010-06-24 21:07 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-06-24 01:00 . 2010-06-24 01:00 16384 c:\windows\system32\config\systemprofile\Desktop\%USERPROFILE%\PrivacIE\index.dat
+ 2010-06-24 01:00 . 2010-06-24 21:23 16384 c:\windows\system32\config\systemprofile\Desktop\%USERPROFILE%\PrivacIE\index.dat
- 2010-06-24 01:00 . 2010-06-24 01:00 16384 c:\windows\system32\config\systemprofile\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2010-06-24 01:00 . 2010-06-24 21:23 16384 c:\windows\system32\config\systemprofile\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2007-10-03 16:45 . 2010-06-24 21:30 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-24 19:27 . 2010-06-24 21:00 45213 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\9.0\UserCache.bin
+ 2010-06-24 18:00 . 2010-06-24 20:19 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{6B6CD686-7FBA-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:19 . 2010-06-24 20:19 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{BD04A268-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:30 . 2010-06-24 19:33 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FF4701E1-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:33 . 2010-06-24 18:35 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FCBCE69B-7FBE-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:06 . 2010-06-24 20:09 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F136FF6B-7FCB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:47 . 2010-06-24 18:47 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EFD56AD6-7FC0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:27 . 2010-06-24 20:27 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EE2F400F-7FCE-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:42 . 2010-06-24 17:43 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ED781C7F-7FB7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:06 . 2010-06-24 20:06 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EA8E4E0D-7FCB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:06 . 2010-06-24 20:06 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EA8E4E0C-7FCB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:15 . 2010-06-24 19:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E7C917BD-7FC4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:22 . 2010-06-24 19:23 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E50F067A-7FC5-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 21:02 . 2010-06-24 21:02 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DE12B840-7FD3-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:44 . 2010-06-24 19:44 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D7C8AC66-7FC8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:41 . 2010-06-24 20:41 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D6E7C8A6-7FD0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:46 . 2010-06-24 18:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D46F248A-7FC0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:48 . 2010-06-24 20:48 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CE973474-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:29 . 2010-06-24 19:30 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CAF70926-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:56 . 2010-06-24 18:00 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C6CB95F5-7FB9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:57 . 2010-06-24 19:57 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BF631ACF-7FCA-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:36 . 2010-06-24 19:36 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BAF51E93-7FC7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:36 . 2010-06-24 19:36 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BAF51E91-7FC7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:20 . 2010-06-24 17:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B958B5E7-7FB4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:11 . 2010-06-24 20:13 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B461FEC3-7FCC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:11 . 2010-06-24 20:11 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B461FEC2-7FCC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:45 . 2010-06-24 18:45 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B361AAD8-7FC0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:47 . 2010-06-24 20:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AFFA62E5-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:59 . 2010-06-24 19:00 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AC1F0020-7FC2-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:47 . 2010-06-24 20:48 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A688D263-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:47 . 2010-06-24 20:47 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A688D262-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:33 . 2010-06-24 17:33 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A23501C5-7FB6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:21 . 2010-06-24 19:22 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A22708DA-7FC5-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:45 . 2010-06-24 18:46 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1F73D6D-7FC0-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:18 . 2010-06-24 20:19 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9FEED27A-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:37 . 2010-06-24 18:38 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9707B4F1-7FBF-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:53 . 2010-06-24 20:53 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9635D7D9-7FD2-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:47 . 2010-06-24 17:49 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{92EFF0B5-7FB8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:16 . 2010-06-24 18:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{92A806CE-7FBC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:42 . 2010-06-24 19:43 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{91A2FC6F-7FC8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:42 . 2010-06-24 19:42 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{91A2FC6E-7FC8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:08 . 2010-06-24 18:10 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8EDF8C52-7FBB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:46 . 2010-06-24 20:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8B929A9C-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:17 . 2010-06-24 20:17 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{88495FDC-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:03 . 2010-06-24 20:05 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8720BCC4-7FCB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:17 . 2010-06-24 20:17 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{80790AE8-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:17 . 2010-06-24 20:17 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{80790AE7-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:15 . 2010-06-24 18:15 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7EC82C92-7FBC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:05 . 2010-06-24 19:05 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E3576AC-7FC3-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:05 . 2010-06-24 19:05 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{779B136B-7FC3-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:26 . 2010-06-24 19:29 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{705DAD2F-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:26 . 2010-06-24 19:26 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{705DAD27-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:26 . 2010-06-24 19:26 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{705DAD26-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:45 . 2010-06-24 20:46 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6EDC28BF-7FD1-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:09 . 2010-06-24 20:11 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6DC9DDEB-7FCC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:26 . 2010-06-24 19:29 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{67A61417-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:33 . 2010-06-24 19:35 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{667A2B8B-7FC7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:29 . 2010-06-24 18:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6491B06C-7FBE-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:24 . 2010-06-24 17:24 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{62C36F2D-7FB5-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:12 . 2010-06-24 19:13 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{600B95B6-7FC4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:09 . 2010-06-24 20:09 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{59FD167F-7FCC-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:16 . 2010-06-24 20:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{54EA34A5-7FCD-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:35 . 2010-06-24 18:37 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{54C43992-7FBF-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:01 . 2010-06-24 20:03 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{52572C1C-7FCB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:45 . 2010-06-24 17:45 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4F1987EC-7FB8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:40 . 2010-06-24 19:41 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4B441407-7FC8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:18 . 2010-06-24 19:20 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{48E29D21-7FC5-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:38 . 2010-06-24 17:38 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4847CED5-7FB7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:45 . 2010-06-24 17:45 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47E8F085-7FB8-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:47 . 2010-06-24 19:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{470C8A84-7FC9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:52 . 2010-06-24 17:52 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{42BBD4CC-7FB9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:56 . 2010-06-24 18:59 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{40488363-7FC2-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:56 . 2010-06-24 18:56 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{40488362-7FC2-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:52 . 2010-06-24 17:52 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{39D6EF10-7FB9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:52 . 2010-06-24 17:52 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{39D6EF0F-7FB9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 20:00 . 2010-06-24 20:01 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2E9B0D2B-7FCB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 18:06 . 2010-06-24 18:08 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{27A53B9A-7FBB-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:15 . 2010-06-24 17:15 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{23A54EE7-7FB4-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:46 . 2010-06-24 19:46 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1FE7CEE7-7FC9-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:31 . 2010-06-24 19:32 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1C44FA4A-7FC7-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:16 . 2010-06-24 19:16 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CF92586-7FC5-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:29 . 2010-06-24 17:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{09CBCE74-7FB6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 17:29 . 2010-06-24 17:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{09CBCE73-7FB6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:23 . 2010-06-24 19:26 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0949820E-7FC6-11DF-8675-000B97564F7E}.dat
+ 2010-06-24 19:09 . 2010-06-24 19:11 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{086F8C91-7FC4-11DF-8675-000B97564F7E}.dat
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2010-06-24 18:05 . 2010-06-24 18:05 228352 c:\windows\Installer\4ab7a3.msi
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-06-23 22:18 . 2010-06-24 21:30 1163264 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2007-10-03 16:45 . 2010-06-24 21:30 2621440 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-01-19 20:08 361592 ----a-w- c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\A24K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]
"RCUI"="c:\progra~1\RINGCE~1\RINGCE~1\RCUI.exe" [2009-02-11 479232]
"RCHotKey"="c:\progra~1\RINGCE~1\RINGCE~1\RCHotKey.exe" [2009-05-04 32768]
"Mikogo"="c:\documents and settings\A24K\Application Data\Mikogo\Mikogo-Host.exe" [2009-10-29 2748416]
"cdloader"="c:\documents and settings\A24K\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aflac_Do_Not_Remove"="c:\aflac2000\WSPInfo.exe" [2006-09-12 45056]
"B'sCLiP"="c:\progra~1\B'SCLI~1\Win2K\BSCLIP.exe" [2007-09-12 753664]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-12 162584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-12 138008]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\iFrmewrk.exe" [2007-07-25 974848]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2007-08-23 976264]
"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2007-08-09 91528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-12 138008]
"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592]
"setfan"="c:\program files\Panasonic\setfan\setfan.exe" [2007-08-09 443784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WSPPurge"="c:\program files\Aflac\Common\WSPPurge.exe" [2007-12-26 20480]
"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2007-08-24 734600]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2008-04-29 210224]
"EmsService"="EmsServiceHelper.exe" [2008-04-29 492848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-24 2064736]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AL-1000 Status Monitor.lnk - c:\program files\AL-1000\engss.exe [2010-3-5 77824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-24 17:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Documents and Settings\\A24K\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5060:UDP"= 5060:UDP:magicjack
"5070:UDP"= 5070:UDP:magicjack
"443:TCP"= 443:TCP:magicjack

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [10/3/2007 8:29 PM 17192]
R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [4/29/2008 3:05 PM 195128]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [4/29/2008 3:05 PM 89656]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/24/2010 1:05 PM 218592]
R1 SafDskNT;SafDskNT;c:\windows\system32\drivers\SafDskNT.sys [8/29/2008 9:33 AM 77824]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/3/2007 4:16 AM 36352]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [10/3/2007 4:15 AM 42624]
R4 BsUDF;BsUDF;c:\windows\system32\drivers\BsUDF.sys [10/3/2007 8:29 PM 195616]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/24/2010 12:04 PM 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/24/2010 12:05 PM 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/24/2010 12:02 PM 308064]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/24/2010 1:11 PM 112592]
S2 CMGShield;CMG Shield;c:\windows\system32\CmgShieldSvc.exe [4/29/2008 3:01 PM 1103152]
S2 EMS;EMS;c:\windows\system32\EmsService.exe [4/29/2008 3:00 PM 644400]
S2 ETMService;Intel(R) Extended Thermal Model Service Application;c:\windows\system32\etmservice.exe [10/3/2007 11:48 AM 217088]
S2 MsChkSvc;MsChkSvc;c:\windows\system32\Mschksvc.exe [8/29/2008 9:33 AM 32768]
S2 MsWnetChk;MsWnetChk;c:\windows\system32\mswnetchk.exe [8/29/2008 9:33 AM 122880]
S2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\OPDOFF\opdoffsv.exe [10/3/2007 8:00 PM 206480]
S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [10/3/2007 1:27 PM 54664]
S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [10/3/2007 1:27 PM 185736]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/24/2010 1:04 PM 366840]
S2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [10/3/2007 1:01 PM 13704]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 B-Service;B-Service;c:\documents and settings\A24K\Application Data\Mikogo\B-Service.exe [10/29/2009 1:38 PM 185640]
S3 CmgShieldNP;CmgShieldNP;c:\windows\system32\CmgShieldNP.dll [4/29/2008 3:04 PM 156976]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [3/4/2008 6:30 PM 34128]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2009 2:04 PM 101936]
S3 Etm;Etm;c:\windows\system32\drivers\EtmDrvMgr.sys [10/3/2007 11:48 AM 40448]
S3 EtmCpu;EtmCpu;c:\windows\system32\drivers\EtmDevCpu.sys [10/3/2007 11:48 AM 19712]
S3 EtmFan;EtmFan;c:\windows\system32\drivers\EtmDevFan.sys [10/3/2007 11:48 AM 9600]
S3 EtmGmchMem;EtmGmchMem;c:\windows\system32\drivers\EtmDevGmch.sys [10/3/2007 11:48 AM 36480]
S3 EtmTempSense;EtmTempSense;c:\windows\system32\drivers\EtmTempSense.sys [10/3/2007 11:48 AM 12288]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PXHELP20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258322132-2918892608-2119487751-1007Core.job
- c:\documents and settings\A24K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 02:15]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258322132-2918892608-2119487751-1007UA.job
- c:\documents and settings\A24K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-25 02:15]

2010-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: avacast.com\kaplan1
Trusted Zone: kfeducation.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-24 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\CredDB.CEF 592 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,66,cb,e6,2a,2f,f0,45,8c,80,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,66,cb,e6,2a,2f,f0,45,8c,80,a8,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMGShieldReg\CredProt*]
"KeyValidation"=dword:67fb81dd
"LastKeyUpdate"="11/13/2009:19:45"
"PCP"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(324)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1124)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-24 16:53:30
ComboFix-quarantined-files.txt 2010-06-24 21:53
ComboFix2.txt 2010-06-24 04:17

Pre-Run: 50,025,582,592 bytes free
Post-Run: 50,221,207,552 bytes free

- - End Of File - - 91368DC2E9CF1DA9E6201736D0C69B6F


Re: wuauclt

Post by Dr Jay on Fri Jun 25, 2010 4:35 am

Try again. Make sure to download the CFScript.txt, then drag it into ComboFix.


Dr. Jay (DJ)



