wuauclt.exe is infected


Post by mjomisko on Sat 10 Jul 2010, 1:14 am

My daughter's computer (running XP) has multiple problems and is unusable at the moment. I see two pop-ups on it. One says wuauclt.exe is infected and the other says discstreamhub.exe is infected. I'm not sure but I don't think this is all that is wrong with it. I just registered on this site and have done a little of the intro reading about how to get started. Should I worry about Adobe and Java being updated before we begin working on her computer? Also, should everything done, while trying to fix it, be done in Safe Mode?

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista


Re: wuauclt.exe is infected

Post by Sneakyone on Sat 10 Jul 2010, 3:35 am

Hi,

Please run this in normal mode.

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

=========

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: wuauclt.exe is infected

Post by mjomisko on Sat 10 Jul 2010, 12:09 pm

I found out that they can't open the internet. The pop-up says "AV Security Suite Demo". It looks like a Windows Security Alert. If you click on it, it wants you to run a virus scan and you can never actually get on the internet. I was on it last night in Safe Mode but your instructions say to do it in normal mode. I'll wait for further instructions.

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Sat 10 Jul 2010, 12:12 pm

Hi,

Please run it in Safe Mode if it will not download/run in normal mode.

Sneakyone


Re: wuauclt.exe is infected

Post by Sneakyone on Sat 10 Jul 2010, 12:17 pm

Hi,

Please run them in Safe mode, if they will not run in normal mode.

Sneakyone


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 2:19 am

This is the message I got when I ran RKill.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Compaq_Administrator on 07/10/2010 at 11:16:53.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\rkill.scr


Rkill completed on 07/10/2010 at 11:16:55.

mjomisko


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 2:49 am

I ran a scan on OTL and it looked like it was reading the files, then at the bottom there is a message that reads "Manual File Scan - Getting folder structure....". It seems to be frozen at that point. The notepad windows never open up. What to do???

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Sun 11 Jul 2010, 2:58 am

Hi,

Please end the scan, and redo the scan without the custom scan.

Sneakyone


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 3:04 am

I just reposted the results of the OTL custom scan. What about the RKill scan?

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Sun 11 Jul 2010, 3:07 am

Hi,

Don't worry about posting the Rkill log; please just post the OTL logs. You may need to split them into multiple posts.

Sneakyone


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 4:38 am

OTL logfile created on: 7/10/2010 11:29:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 84.61 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.18 Gb Free Space | 2.15% Space Free | Partition Type: FAT32
Drive E: | 2.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/05 03:37:18 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/05/05 03:24:23 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2006/03/16 02:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/16 02:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2005/09/24 15:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2005/09/17 00:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/17 00:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 00:27:02 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/05 03:24:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/09 21:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2006/05/05 03:37:18 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/10/13 08:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 15:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 11:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 00:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 00:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2006/05/05 03:37:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/16 09:00:00 | 000,321,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/24 19:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/19 11:23:52 | 000,196,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/09/19 11:23:48 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/19 11:23:40 | 000,031,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/09/19 11:23:36 | 000,027,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/09/19 11:23:32 | 000,109,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/09/19 11:23:26 | 000,012,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/09/17 00:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/01 19:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5577
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 20:10:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 20:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/05/05 03:08:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2006/05/05 03:16:02 | 000,000,000 | ---D | M]

[2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Extensions
[2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\extensions
[2009/09/07 14:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: )
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
O4 - HKCU..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/08/28 15:18:23 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/08/28 15:23:36 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/08/28 15:23:37 | 000,715,840 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/08/28 15:23:31 | 000,000,180 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/28 15:23:36 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 4.0 & Silverlight 3.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{f548df6a-9bbd-4268-a68b-92f1e425c085} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 11:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
[2010/07/10 03:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/08 20:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
[2010/07/08 20:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla
[2010/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Macromedia
[2010/07/08 13:18:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Videos
[2010/07/08 07:42:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
[2010/07/08 07:42:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
[2010/07/08 07:41:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
[2010/07/08 07:41:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Music
[2010/07/08 05:13:16 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/07/08 05:06:38 | 002,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/07/08 05:06:38 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/07/08 05:06:37 | 002,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/07/08 05:06:37 | 002,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/07/08 04:46:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/06 13:50:19 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/07/06 13:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/07/06 13:19:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/07/06 13:19:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/07/06 13:19:07 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/07/06 13:19:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/06 13:19:05 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/07/06 11:14:29 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/06 10:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
[2010/07/06 10:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud
[2010/07/06 10:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Sun
[2010/07/06 10:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
[2010/07/06 10:00:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Documents
[2010/07/06 09:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LimeWire Saved
[2010/07/06 09:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Documents
[2010/07/06 09:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\LimeWire Saved
[2010/07/06 09:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Incomplete
[2010/07/06 09:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
[2010/07/06 09:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Adobe
[2010/07/06 09:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\needapai
[2010/07/06 09:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Recent
[2010/07/06 09:25:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/06 09:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/07/06 09:17:14 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/07/06 09:15:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft
[2010/07/06 09:15:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data
[2010/07/06 09:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Pictures
[2010/07/06 09:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Favorites
[2010/07/06 09:15:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Cookies
[2010/07/06 09:15:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Wildtangent
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Real
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Intuit
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Identities
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\HPQ
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\HP
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\ApplicationHistory
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2010/07/06 09:15:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\SendTo
[2010/07/06 09:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Start Menu
[2010/07/06 09:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents
[2010/07/06 09:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Templates
[2010/07/06 09:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrintHood
[2010/07/06 09:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\NetHood
[2010/07/06 09:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\WINDOWS
[2010/07/06 09:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/06 08:00:20 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/07/04 08:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/07/04 08:31:33 | 000,372,224 | ---- | C] (Intsys) -- C:\Program Files\adc_w32.dll
[2010/07/04 08:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sysinternals Antivirus
[2010/07/02 21:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\otoctrqmg
[2010/06/27 17:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/06/25 17:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/06/24 05:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2010/06/22 10:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/06/22 10:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/06/21 16:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/21 16:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/17 08:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/10 11:29:30 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\NTUSER.DAT
[2010/07/10 11:29:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
[2010/07/10 11:17:16 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
[2010/07/10 11:02:52 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/07/10 11:01:34 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/09 21:17:12 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/09 21:17:12 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/09 21:17:11 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/09 21:12:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 21:12:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 21:12:34 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/09 21:12:32 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 20:55:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/09 20:47:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/09 20:31:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 09:35:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.ini
[2010/07/08 20:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 13:18:36 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/08 07:41:27 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/06 13:50:19 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/07/06 13:48:05 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/06 12:16:57 | 000,000,160 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/07/06 12:04:42 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 09:45:15 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 09:26:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/06 09:25:39 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2010/07/06 09:23:01 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/07/06 09:22:58 | 000,001,871 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
[2010/07/06 09:22:01 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2010/07/06 09:13:12 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/06 09:11:25 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/07/06 09:10:37 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/05 17:52:26 | 000,000,003 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/07/05 17:52:24 | 000,000,066 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/07/05 17:40:09 | 000,097,792 | ---- | M] () -- C:\Program Files\alggui.exe
[2010/07/05 17:40:03 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/05 11:25:19 | 000,372,224 | ---- | M] (Intsys) -- C:\Program Files\adc_w32.dll
[2010/07/05 09:01:49 | 000,179,200 | ---- | M] () -- C:\pb32.exe
[2010/07/05 09:01:48 | 000,000,000 | ---- | M] () -- C:\Program Files\extra1.dat
[2010/07/05 06:10:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/04 08:32:31 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/07/04 08:31:31 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010/07/04 08:31:29 | 000,059,392 | ---- | M] () -- C:\Program Files\svchost.exe
[2010/06/25 06:28:26 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Store Edition.lnk
[2010/06/25 06:28:25 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Best of Business Collection.lnk
[2010/06/24 06:44:43 | 000,002,130 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 University Life Collection.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 20:31:42 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 20:09:27 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 13:18:36 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/08 07:42:29 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
[2010/07/06 13:48:05 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/06 13:43:53 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
[2010/07/06 12:27:53 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\LuResult.txt
[2010/07/06 09:40:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 09:25:39 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2010/07/06 09:22:56 | 000,001,871 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
[2010/07/06 09:15:51 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
[2010/07/06 09:15:50 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk
[2010/07/06 09:15:50 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2010/07/06 09:15:50 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/07/06 09:15:50 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/07/06 09:15:50 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/06 09:15:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/06 09:15:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
[2010/07/06 09:15:41 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\NTUSER.DAT
[2010/07/06 09:15:41 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.dat.LOG
[2010/07/06 09:15:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.ini
[2010/07/06 09:11:20 | 000,002,085 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Latino 3 Meses Incluidos.lnk
[2010/07/06 09:11:20 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 3 Months Included.lnk
[2010/07/06 09:11:20 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2010/07/06 09:11:20 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2010/07/06 09:11:20 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Browser.lnk
[2010/07/06 09:11:20 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3 Month Trial AOL Music Now.lnk
[2010/07/06 09:11:20 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken New User Edition 2006.lnk
[2010/07/06 09:11:20 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Extended Service Plans.lnk
[2010/07/06 09:11:20 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/07/06 09:11:19 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2010/07/06 09:11:19 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My HP Games.lnk
[2010/07/06 09:11:19 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Rhapsody.lnk
[2010/07/06 09:11:12 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2010/07/05 09:01:49 | 000,179,200 | ---- | C] () -- C:\pb32.exe
[2010/07/05 09:01:48 | 000,000,000 | ---- | C] () -- C:\Program Files\extra1.dat
[2010/07/04 08:31:36 | 000,097,792 | ---- | C] () -- C:\Program Files\alggui.exe
[2010/07/04 08:31:31 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/07/04 08:31:31 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/07/04 08:31:30 | 000,000,003 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/07/04 08:31:29 | 000,059,392 | ---- | C] () -- C:\Program Files\svchost.exe
[2010/07/04 08:31:29 | 000,000,066 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/07/02 05:38:39 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/06/25 06:28:25 | 000,002,139 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Best of Business Collection.lnk
[2010/06/24 06:44:43 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Store Edition.lnk
[2010/06/24 06:44:43 | 000,002,130 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 University Life Collection.lnk
[2008/11/01 19:31:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
[2008/10/18 13:15:55 | 000,011,380 | ---- | C] () -- C:\WINDOWS\opavudukul.sys
[2008/10/12 21:02:10 | 000,010,921 | ---- | C] () -- C:\WINDOWS\ajutiw.sys
[2008/10/12 21:02:10 | 000,010,831 | ---- | C] () -- C:\WINDOWS\yvivopux.sys
[2007/07/14 08:23:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/07/02 10:04:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/11 15:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/22 19:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/09/17 09:03:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/17 08:00:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/05 03:48:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/05 03:27:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/05 03:23:33 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/05 03:23:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/05 03:20:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/05 03:19:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 03:09:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/05 03:08:38 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/05 03:02:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/05 02:59:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/05 02:59:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/05 02:59:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/05 02:59:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/05 02:59:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/05 02:59:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/05 02:59:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/05 02:57:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/05 02:37:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/05 02:37:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/05 02:37:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 07:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 04:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 13:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 13:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\*.sys >
[2004/08/09 21:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/05/05 03:23:33 | 000,012,988 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/09 21:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/09 21:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/09 21:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/09 21:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/09 21:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/09 21:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/09 21:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/09 21:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/09 21:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/09 21:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/09 21:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/09 21:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/09 21:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/09 21:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/09 21:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/01 22:56:34 | 001,850,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 4:39 am

< %SYSTEMDRIVE%\*.* >
[2008/08/06 09:14:20 | 002,771,487 | ---- | M] () -- C:\02 - Young Buck - Hip Hop Cant Save My Life.mp3
[2009/11/13 14:48:19 | 006,019,587 | ---- | M] () -- C:\Across the Universe - Hey Jude.mp3
[2009/11/13 15:37:54 | 005,387,605 | ---- | M] () -- C:\Air Gear - BACK-ON - 01. Chain(1).mp3
[2009/11/13 15:45:41 | 003,889,459 | ---- | M] () -- C:\Alanis Morissette - You Learn.mp3
[2008/07/22 15:48:43 | 000,003,445 | -HS- | M] () -- C:\AlbumArtSmall.jpg
[2008/07/22 15:48:43 | 000,015,775 | -HS- | M] () -- C:\AlbumArt_{3D0648B1-B346-4847-BB66-E23D7C0A621D}_Large.jpg
[2008/07/22 15:48:43 | 000,003,445 | -HS- | M] () -- C:\AlbumArt_{3D0648B1-B346-4847-BB66-E23D7C0A621D}_Small.jpg
[2008/07/22 15:48:36 | 000,006,929 | -HS- | M] () -- C:\AlbumArt_{E7934039-4872-41E5-A227-2342DBBA64E9}_Large.jpg
[2008/07/22 15:48:36 | 000,002,249 | -HS- | M] () -- C:\AlbumArt_{E7934039-4872-41E5-A227-2342DBBA64E9}_Small.jpg
[2009/11/15 18:53:30 | 002,935,500 | ---- | M] () -- C:\Alvin and The Chipmunks - Witch Doctor(remix).mp3
[2010/02/27 13:47:05 | 000,422,966 | ---- | M] () -- C:\AnalysisLog.sr0
[2009/11/15 18:51:40 | 004,866,146 | ---- | M] () -- C:\asereje ketchup vocaloid.mov
[2009/11/13 14:23:25 | 003,488,456 | ---- | M] () -- C:\Ashlee Simpson - Follow You Wherever You Go.mp3
[2005/08/30 21:02:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/01 18:25:39 | 005,684,072 | ---- | M] () -- C:\Avenged Seven Fold - Almost Easy.mp3
[2009/11/13 14:25:35 | 007,969,246 | ---- | M] () -- C:\Avenged Seven Fold - Bat Country.mp3
[2009/11/13 14:27:31 | 005,533,375 | ---- | M] () -- C:\Avril Lavigne - 04 - The Best Damn Thing.mp3
[2009/11/14 15:51:14 | 003,993,235 | ---- | M] () -- C:\Avril Lavinge - Keep Holding On.mp3
[2009/11/13 13:36:10 | 005,508,646 | ---- | M] () -- C:\back naruto openings heros.mov
[2009/11/14 15:51:28 | 010,523,461 | ---- | M] () -- C:\Beyonce - Halo(1).mp3
[2009/11/13 13:25:36 | 020,784,108 | ---- | M] () -- C:\Beyonce - Single Ladies (Put A Ring On It) OFFICIAL VIDEO.mp4
[2009/11/14 15:51:37 | 007,829,782 | ---- | M] () -- C:\Beyonce - Single Ladies (Put a Ring on it).mp3
[2009/11/13 14:29:49 | 003,683,320 | ---- | M] () -- C:\Black Eyed Peas - Where Is The Love.mp3
[2009/11/13 14:29:59 | 004,025,803 | ---- | M] () -- C:\Black Eyed Peas - Pump It.mp3
[2010/02/01 17:53:24 | 004,373,956 | ---- | M] () -- C:\Bob Marley - Buffalo Solider.mp3
[2010/02/01 17:52:51 | 003,871,812 | ---- | M] () -- C:\Bob Marley - Dont Worry Be Happy.mp3
[2009/11/13 13:34:21 | 005,130,449 | ---- | M] () -- C:\Bob Marley - Red Red Wine(1).mp3
[2008/06/18 11:16:57 | 005,134,545 | ---- | M] () -- C:\Bob Marley - Red Red Wine.mp3
[2009/11/13 14:32:23 | 005,386,035 | ---- | M] () -- C:\BOB MARLEY- red red wine.mp3
[2008/11/15 07:00:40 | 000,009,491 | ---- | M] () -- C:\bold.log
[2010/07/06 09:10:37 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/06 09:26:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/13 14:33:17 | 002,858,872 | ---- | M] () -- C:\Caramell_-_Caramelldansen_(Speedycake_Remix).mp3
[2009/11/13 14:33:41 | 006,269,860 | ---- | M] () -- C:\Celion Dion - A New Day Has Come.mp3
[2009/11/14 15:51:51 | 005,321,832 | ---- | M] () -- C:\Chain- Air Gear opening theme.mp3
[2009/11/14 15:52:01 | 003,370,441 | ---- | M] () -- C:\Chris Brown - Forever.mp3
[2010/02/01 18:17:41 | 003,458,550 | ---- | M] () -- C:\Cindy Lauper - 80s music - Time After Time.mp3
[2009/11/13 15:06:07 | 003,024,695 | ---- | M] () -- C:\Cindy Lauper - Hey Mickey.mp3
[2010/02/01 17:50:36 | 003,675,366 | ---- | M] () -- C:\Cindy Lauper - True Colors.mp3
[2010/02/01 18:18:43 | 003,600,418 | ---- | M] () -- C:\Classical Mozart- In the hall of the Mountain King (techno remix).mp3
[2004/08/09 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/30 21:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/13 15:46:51 | 005,554,176 | ---- | M] () -- C:\Crazy Frog - In Da House.mp3
[2008/11/01 19:30:32 | 000,036,870 | ---- | M] () -- C:\CybDefInstallInfo.log
[2009/11/13 14:36:29 | 003,991,086 | ---- | M] () -- C:\Danity Kane - Damaged.mp3
[2009/11/13 14:35:47 | 003,659,971 | ---- | M] () -- C:\Darude - Sandstorm.mp3
[2008/05/22 17:10:31 | 007,285,252 | ---- | M] () -- C:\Death Note - Near's theme.mp3
[2008/05/22 17:10:51 | 007,281,940 | ---- | M] () -- C:\Death Note OST anime - Near's theme.mp3
[2008/07/22 15:48:44 | 000,000,362 | -HS- | M] () -- C:\desktop.ini
[2010/02/01 18:21:56 | 002,847,873 | ---- | M] () -- C:\DJ Splash - Flying High.mp3
[2009/11/13 13:53:02 | 007,031,490 | ---- | M] () -- C:\Duffy - Mercy(1).mp3
[2009/11/14 15:52:39 | 007,035,959 | ---- | M] () -- C:\Duffy - Mercy.mp3
[2008/08/01 09:44:25 | 005,390,336 | ---- | M] () -- C:\Eiffel 65 - Im Blue (Techno Remix).mp3
[2009/11/13 15:19:08 | 003,578,609 | ---- | M] () -- C:\Eiffle 65 - Im Blue.mp3
[2009/11/13 14:38:53 | 007,737,997 | ---- | M] () -- C:\Eminem - Like Toy Soliders.mp3
[2009/11/13 14:39:58 | 005,609,065 | ---- | M] () -- C:\Enur Feat Natasja - Calabria 2008.mp3
[2009/11/13 15:11:16 | 006,082,668 | ---- | M] () -- C:\Face Drop - Sean Kingston.mp3
[2009/11/14 15:53:02 | 007,668,445 | ---- | M] () -- C:\Fergie - Fergalicious.mp3
[2009/11/13 14:03:40 | 003,804,648 | ---- | M] () -- C:\Final Fantasy X-2 - 1000 Words (True English).mp3
[2009/11/13 14:08:49 | 014,368,366 | ---- | M] () -- C:\Final Fantasy X-2 - Yuna's Concert 1000 Words (English).mp4
[2009/11/14 15:53:16 | 003,498,493 | ---- | M] () -- C:\Flobot-No Handle Bars.mp3
[2009/11/13 14:42:26 | 004,473,061 | ---- | M] () -- C:\Flyleaf I'm So Sick.mp3
[2008/07/22 15:48:43 | 000,015,775 | -HS- | M] () -- C:\Folder.jpg
[2009/11/13 15:48:32 | 003,782,805 | ---- | M] () -- C:\Fort Minor-Where did you Go.mp3
[2008/07/08 19:16:49 | 004,435,902 | ---- | M] () -- C:\Fruits Basket - Opening Theme (Japanese).mp3
[2008/08/21 18:34:09 | 004,165,632 | ---- | M] () -- C:\Gummy Bear Song in English.mpg
[2009/11/13 14:43:33 | 006,012,861 | ---- | M] () -- C:\Gunther - Ding Dong Song.mp3
[2008/06/09 20:42:20 | 734,621,696 | ---- | M] () -- C:\Happy Feet (Full Movie).avi
[2010/02/01 17:47:01 | 010,197,400 | ---- | M] () -- C:\Hatsune Miku - Triple Baka.mp3
[2009/11/13 14:47:02 | 007,041,024 | ---- | M] () -- C:\Heart - Alone.mp3
[2010/02/01 17:49:49 | 004,264,011 | ---- | M] () -- C:\Heart - Baracuda.mp3
[2009/11/13 14:47:37 | 006,215,612 | ---- | M] () -- C:\hellogoodbye - here (in your arms).mp3
[2009/11/13 14:47:35 | 003,944,379 | ---- | M] () -- C:\Hellogoodbye- Here In Your Arms.mp3
[2009/11/13 14:29:15 | 012,697,369 | ---- | M] () -- C:\Hey Jude.mp3
[2010/07/09 21:12:32 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 11:06:52 | 000,083,831 | ---- | M] () -- C:\hpWebHelper.log
[2005/08/30 21:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/07 08:12:44 | 000,000,551 | -H-- | M] () -- C:\IPH.PH
[2009/11/13 14:54:44 | 005,216,983 | ---- | M] () -- C:\Justin Timberlake -Im Bringing Sexy Back.mp3
[2010/02/01 18:11:10 | 003,969,563 | ---- | M] () -- C:\Kanon Wakeshima - Still Doll.MP3
[2010/02/01 18:09:35 | 001,778,861 | ---- | M] () -- C:\Kanon Wakeshima - Suna no Oshiro (Vampire Knight Guilty Ending).mp3
[2009/11/13 14:55:30 | 002,169,646 | ---- | M] () -- C:\Katy Perry - I Kissed A Girl.mp3
[2009/11/13 14:57:53 | 005,286,219 | ---- | M] () -- C:\Keri Hilson - Knock You Down ft. Kanye West & Ne-Yo.mp3
[2009/11/13 14:55:52 | 005,942,397 | ---- | M] () -- C:\Keyshia Cole- Sent from Heaven.mp3
[2009/11/13 14:58:36 | 004,580,359 | ---- | M] () -- C:\Kid Cudi - Day 'N' Night (Crookers Remix).mp3
[2009/11/13 15:49:40 | 004,257,883 | ---- | M] () -- C:\Lady GaGa - Love Games.mp3
[2009/11/13 14:59:19 | 005,223,837 | ---- | M] () -- C:\Lady GaGa - Pokerface.mp3
[2009/11/15 18:50:13 | 005,056,260 | ---- | M] () -- C:\Las Ketchup - Asereje.mp3
[2009/11/14 16:29:12 | 012,442,087 | ---- | M] () -- C:\Last_Night_Good_Night_-_VOCALOID_Miku_Hatsune_-_[findmp3s.com].mp3
[2009/11/14 15:55:41 | 006,125,244 | ---- | M] () -- C:\leona-lewis-bleeding-love.mp3
[2009/11/13 14:59:45 | 004,941,451 | ---- | M] () -- C:\Lil' Wayne- Lollipop ft. Static Major (dirty).mp3
[2009/11/13 15:00:34 | 003,584,907 | ---- | M] () -- C:\Lou Bega - Mambo Number 5.mp3
[2008/08/21 18:37:54 | 013,805,572 | ---- | M] () -- C:\Madagascar - I Like To Move It.mpg
[2009/11/14 16:01:32 | 004,686,064 | ---- | M] () -- C:\Mariah Carey & Whitney Houston - When You Believe.mp3
[2009/11/13 15:02:22 | 006,280,365 | ---- | M] () -- C:\Marilyn Manson - This is the New Shit(1).mp3
[2009/11/14 15:56:05 | 006,283,014 | ---- | M] () -- C:\Marilyn Manson - This is the New Shit.mp3
[2009/11/13 15:02:49 | 004,730,026 | ---- | M] () -- C:\Marylin Manson - Sweet Dreams.mp3
[2008/06/09 18:15:48 | 051,984,240 | ---- | M] () -- C:\michael jackson - billie jean (music video).mpg
[2008/06/09 18:42:36 | 142,731,472 | ---- | M] () -- C:\Micheal Jackson- Thriller (VIDEO).mpg
[2009/11/13 15:04:36 | 005,007,538 | ---- | M] () -- C:\Mindless Self Indulgence - Shut Me Up.mp3
[2005/08/30 21:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/13 13:50:22 | 007,056,195 | ---- | M] () -- C:\Naruto 12th Ending - Parade - Chaba.mp3
[2008/08/27 18:02:05 | 000,283,692 | ---- | M] () -- C:\Naruto 2 Full Movie English.mpg
[2008/07/08 17:52:10 | 000,283,692 | ---- | M] () -- C:\Naruto Episode 132 English.mpg
[2008/07/08 19:19:35 | 003,303,124 | ---- | M] () -- C:\Natasha Bedingfield - Pocket Full Of Sunshine.mp3
[2009/11/13 15:04:59 | 005,776,386 | ---- | M] () -- C:\Natasha Bedingfield- These words are my own.mp3
[2008/05/23 16:07:45 | 004,399,592 | ---- | M] () -- C:\Ne-Yo - So Sick.mp3
[2010/02/01 18:13:24 | 005,430,486 | ---- | M] () -- C:\Nickel Creek - Amazing Grace (Dulcimer, banjo & Fiddle).mp3
[2008/06/04 17:28:18 | 006,504,399 | ---- | M] () -- C:\Nickelback - Savin' Me.mp3
[2008/06/09 17:46:34 | 012,684,574 | ---- | M] () -- C:\No Air-Jordin Sparks ft Chris Brown (Official Video).mp4
[2008/06/09 17:28:32 | 004,231,168 | ---- | M] () -- C:\No Doubt - Don't Speak.mp3
[2004/08/09 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/09 14:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2009/11/13 14:28:52 | 003,028,218 | ---- | M] () -- C:\Oldies - 80s - The Bangles - Manic Monday.mp3
[2009/11/13 15:05:44 | 005,417,522 | ---- | M] () -- C:\ON OFF - Futatsu no Kodou to Akai Tsumi.MP3
[2009/11/13 15:48:31 | 006,444,942 | ---- | M] () -- C:\Owl City - Fireflies.mp3
[2010/07/09 21:12:31 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2010/07/05 09:01:49 | 000,179,200 | ---- | M] () -- C:\pb32.exe
[2009/11/13 15:07:32 | 003,906,281 | ---- | M] () -- C:\Pitbull - 02 - I Know You Want Me.mp3
[2009/11/14 15:57:05 | 009,569,269 | ---- | M] () -- C:\Pitbull - Hotel Room Service.mp3
[2009/11/14 15:58:11 | 005,473,824 | ---- | M] () -- C:\Plies - Definition Of Real - 10 - 1 Day.mp3
[2009/10/15 12:12:13 | 000,000,204 | ---- | M] () -- C:\Plugins
[2008/07/15 16:08:28 | 004,966,601 | ---- | M] () -- C:\Prince - When Doves Cry.mp3
[2009/11/13 15:08:46 | 004,341,885 | ---- | M] () -- C:\Queens of the Stoneage - 3s and 7s.mp3
[2008/06/09 17:30:03 | 000,014,133 | ---- | M] () -- C:\rainyday.jpg
[2009/11/13 15:09:12 | 008,136,740 | ---- | M] () -- C:\Red hot chilie peppers - Snow ((Hey Oh)).mp3
[2009/11/14 15:57:24 | 009,554,182 | ---- | M] () -- C:\Rhianna - Disturbia.mp3
[2008/09/03 15:34:36 | 009,070,098 | ---- | M] () -- C:\Rhianna -Take A Bow.mp3
[2008/09/03 15:12:23 | 017,260,953 | ---- | M] () -- C:\Rihanna - Disturbia (OFFICIAL-VIDEO).mp4
[2008/09/03 15:48:10 | 005,383,224 | ---- | M] () -- C:\Rihanna - Take A Bow Official Real Video HQ.mp4
[2009/11/15 18:54:03 | 003,255,575 | ---- | M] () -- C:\Rin Kagamine (Vocaloid) - Fear Garden.mp3
[2010/07/10 11:16:55 | 000,000,434 | ---- | M] () -- C:\rkill.log
[2009/11/13 15:11:20 | 009,340,670 | ---- | M] () -- C:\Sean Kingston - Fire Burning.mp3
[2009/11/13 15:12:05 | 005,728,941 | ---- | M] () -- C:\September - cry for you (remix).mp3
[2009/11/13 15:12:24 | 005,510,221 | ---- | M] () -- C:\Shaggy - It Wasnt Me.mp3
[2009/11/13 15:12:28 | 003,825,444 | ---- | M] () -- C:\Shaggy-Angel.mp3
[2009/11/13 15:14:44 | 008,759,412 | ---- | M] () -- C:\Shawty Putt- Lil Jon- That Baby Dont Look Like Me.mp3
[2009/11/13 15:15:26 | 004,160,909 | ---- | M] () -- C:\Skillet - Under My Skin.mp3
[2009/11/13 15:48:04 | 003,201,368 | ---- | M] () -- C:\Skillet - Whispers in the Dark.mp3
[2009/11/14 15:58:02 | 003,265,596 | ---- | M] () -- C:\Skillet-Whispers in the Dark.mp3
[2009/11/13 14:51:56 | 006,793,421 | ---- | M] () -- C:\Sonique - It Feels So Good .mp3
[2008/07/15 09:45:23 | 002,206,080 | ---- | M] () -- C:\Switchfoot - You're My Angel.mp3
[2008/10/09 06:35:59 | 000,000,396 | -H-- | M] () -- C:\T4Metrics.log
[2009/11/13 15:48:34 | 002,614,292 | ---- | M] () -- C:\Tainted Love - 1980s - Retro 80's Rock - Soft Cell -.mp3
[2009/11/13 15:48:35 | 004,485,333 | ---- | M] () -- C:\Taylor Swift - Tear Drops on My Guitar.mp3
[2009/11/13 14:29:26 | 006,837,441 | ---- | M] () -- C:\The Betles - hey jude.mp3
[2009/11/13 15:16:32 | 000,908,841 | ---- | M] () -- C:\The Cuppy Cake Song.mp3
[2008/07/31 16:40:23 | 005,483,632 | ---- | M] () -- C:\The Dream - I Luv Your Girl .mp3
[2009/11/13 15:19:12 | 002,283,449 | ---- | M] () -- C:\The Fleetwoods - Mr Blue.mp3
[2008/08/21 18:32:38 | 000,277,054 | ---- | M] () -- C:\The Gummy Bear Song.mpg
[2009/11/13 14:13:36 | 004,676,365 | ---- | M] () -- C:\The Hazzards - Gay Boyfriend.mp3
[2008/07/13 12:19:08 | 002,517,094 | ---- | M] () -- C:\think you can dance bleeding l .mpg
[2009/11/13 15:48:15 | 006,070,861 | ---- | M] () -- C:\Three 6 Mafia - Lolli lolli (pop that body) (feat. Project Pat, Young D and Superpower).mp3
[2008/07/08 19:17:34 | 005,329,802 | ---- | M] () -- C:\Vampire Knight- Futatsu no Kodou to Akai Tsumi.MP3
[2008/03/18 14:23:09 | 000,052,395 | ---- | M] () -- C:\VETlog.dmp
[2008/03/18 14:23:09 | 001,543,147 | ---- | M] () -- C:\VETlog.txt
[2009/11/14 15:55:37 | 002,349,665 | ---- | M] () -- C:\Vocaloid - Len and Rin Kagamine - Kokoro.mp3
[2009/11/13 15:20:36 | 005,429,982 | ---- | M] () -- C:\Vocaloid - Trick or Treat.mp3
[2009/11/14 16:03:10 | 009,781,824 | ---- | M] () -- C:\Vocaloid feat. Hatsune Miku - Love is war.mp3
[2009/11/14 16:04:55 | 005,472,113 | ---- | M] () -- C:\vocaloid gemini.mov
[2010/02/01 18:11:38 | 004,122,977 | ---- | M] () -- C:\Vocaloids - Alice Human Sacrifice(1).mp3
[2010/02/01 18:02:46 | 005,803,858 | ---- | M] () -- C:\Vocaloids - Dark Woods Circus(1).mp3
[2009/01/02 16:05:47 | 000,000,004 | ---- | M] () -- C:\WLCount.Txt
[2008/07/08 19:18:26 | 005,212,640 | ---- | M] () -- C:\Wolf's Rain - Stray (Full).mp3
[2010/02/01 17:54:16 | 005,780,799 | ---- | M] () -- C:\Ying Yang Twins - usa - ft. Pitbull - Shake 19.mp3
[2008/05/20 18:57:40 | 041,046,020 | ---- | M] () -- C:\Yuna 1000 Words Cinematic Movie FMV FFX-2 Final Fantasy X-2 ENGLISH.mpg

< %PROGRAMFILES%\*. >
[2010/02/16 15:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\9Dragons
[2006/05/05 03:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/05/18 16:12:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/07/08 19:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\alot
[2010/02/12 18:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2007/03/15 19:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2008/06/25 10:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0a
[2008/10/05 14:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\Anime_Episodes
[2009/01/24 05:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Antivirus 2009
[2008/05/18 16:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/08/15 11:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2008/06/21 07:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Deskbar
[2008/06/08 05:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2009/11/09 17:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/18 05:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Applications
[2009/11/08 08:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Ascentive
[2010/03/21 12:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2006/09/14 16:50:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2009/09/13 16:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/10/15 13:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Audiosurf
[2008/06/04 12:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\AvancePaint
[2009/01/17 08:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/04/17 10:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\aVinci
[2008/10/14 15:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Barbie
[2009/12/01 18:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\BlackMagic Home Edition
[2010/05/26 17:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/09/17 08:02:15 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/05/19 14:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\Chatango
[2006/05/05 03:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/05/05 03:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq Connections
[2005/11/11 15:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/08 17:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/06/22 10:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2008/11/01 15:28:16 | 000,000,000 | ---D | M] -- C:\Program Files\CyberDefender
[2008/05/06 14:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\DialIdol.com
[2006/05/05 03:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\DISC
[2006/12/21 14:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2008/09/07 17:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/09 12:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2010/06/25 06:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/06/25 06:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2006/05/05 02:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2009/02/24 16:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/02/17 12:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2008/05/16 17:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2009/12/02 15:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\GALA-NET
[2006/05/05 02:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/09/28 13:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2009/08/31 14:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\GIMPshop
[2006/05/05 03:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/20 15:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2006/05/05 03:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/05/05 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/05/05 03:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2006/05/05 03:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\HP Rhapsody
[2007/03/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2008/10/12 22:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\InetGet2
[2006/05/05 03:15:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/04/11 14:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/07/06 13:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/05/26 17:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/26 17:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2006/05/05 02:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/11/01 19:13:20 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/03/21 12:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/04/16 11:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/02/18 04:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Online Backup
[2010/02/13 18:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/02/13 12:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/02/18 04:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\McAfeeMOBK
[2009/11/13 13:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Media Widget
[2010/07/09 20:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/05/05 03:19:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/02/19 01:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/06/08 05:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2005/11/14 18:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/01/08 17:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2006/05/05 03:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2006/05/05 03:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/20 01:34:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/05/05 03:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/05/05 03:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/05/05 03:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/01/18 06:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mjcore
[2010/07/09 20:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/08 20:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/21 00:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/11/15 10:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/14 18:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/05/05 03:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2008/03/20 11:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Games
[2005/11/14 18:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/15 03:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/15 10:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/24 20:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2006/05/05 03:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\music_now
[2008/05/15 09:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2010/05/18 14:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2010/06/17 08:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2005/11/14 18:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/05/05 03:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2008/11/10 16:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Network Monitor
[2008/11/01 18:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\NoAdware
[2010/07/06 13:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2008/10/25 04:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PC Checkup
[2009/12/14 13:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/07/07 10:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Nova Development
[2006/05/05 03:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/09 20:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/08/15 11:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Outspark
[2009/10/15 12:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/12/02 15:13:02 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2006/05/05 03:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2006/05/05 03:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2008/05/24 20:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2009/11/01 10:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\PlaySushi
[2009/02/05 12:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\Pointstone
[2009/07/07 08:14:28 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/04/30 14:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\portalgraphics
[2006/05/05 03:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/05/26 17:48:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/05/05 03:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/21 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/14 09:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2008/05/26 18:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Riverdeep
[2008/03/20 13:43:13 | 000,000,000 | ---D | M] -- C:\Program Files\RogueRemover PRO
[2010/07/05 17:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\scdata
[2009/12/08 05:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Shared
[2007/06/28 05:52:47 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2006/09/25 01:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\Snood
[2006/05/05 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/11/01 14:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2008/05/08 19:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/08/07 07:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2006/05/05 03:38:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/07/04 08:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sysinternals Antivirus
[2010/06/27 17:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/06/27 17:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2008/06/08 05:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2008/12/16 15:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\The Print Shop 20
[2008/01/09 17:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2010/01/27 15:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2005/11/11 15:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/20 12:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\UTAU
[2008/06/05 18:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/21 18:50:47 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2006/09/15 16:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\VZBB Toolbar
[2009/10/04 14:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Walgreens
[2008/12/21 13:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2008/10/13 16:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\webHancer
[2009/01/18 07:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Webtools
[2006/05/05 03:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/10/07 08:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinBudget
[2009/06/11 15:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2008/06/27 20:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/07/09 20:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/11/14 18:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/14 18:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/11 15:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/13 13:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/10/15 13:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/02/04 19:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Wonderland Online
[2010/06/27 17:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\WTouch
[2005/11/14 18:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/04 07:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2005/08/30 13:52:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:disk.sys
[2004/08/09 21:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2004/08/09 21:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/09 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/09 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbstor.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:usbstor.sys
[2004/08/09 21:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2004/08/09 21:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-10 10:02:25

========== Files - Unicode (All) ==========
[2009/11/14 16:24:13 | 000,865,928 | ---- | M] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3
[2009/11/14 16:04:15 | 000,865,928 | ---- | C] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

mjomisko


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 4:40 am

Extras.txt

OTL Extras logfile created on: 7/10/2010 11:29:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 84.61 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.18 Gb Free Space | 2.15% Space Free | Partition Type: FAT32
Drive E: | 2.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"DISCover" = DISCover
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"WT004602" = Tornado Jockey
"WT005532" = Polar Bowler
"WT005533" = Polar Golfer
"WT005534" = Ricochet Lost Worlds
"WT005537" = Super Granny
"WT005538" = Tradewinds
"WT005540" = Blackhawk Striker 2
"WT005541" = Blasterball 2 Revolution
"WT005542" = Blasterball 2 Remix
"WT005544" = Bounce Symphony
"WT005611" = Tennis Titans
"WT005612" = Family Feud
"WT005613" = Flip Words
"WT005614" = Insaniquarium Deluxe
"WT005615" = Jewel Quest
"WT005616" = Mah Jong Quest
"WT005617" = Mystery Case Files
"WT005618" = Poker Superstars
"WT005619" = SCRABBLE
"WT005620" = Slingo Deluxe
"WT005621" = Alien Outbreak 2
"WT005622" = Fairies
"WT005623" = Snowy The Bears Adventure
"WT005625" = Bejeweled 2 Deluxe
"WT005626" = Big Kahuna Reef
"WT005627" = Bookworm Deluxe
"WT005628" = Chuzzle Deluxe
"WT005629" = Diner Dash
"WT006068" = FATE
"WT006070" = Ancient Sudoku

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 7/9/2010 12:33:14 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:33:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:33:45 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:34:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:35:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:35:25 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:35:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:36:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:41:29 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 11:46:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB975560).


< End of report >

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Sun 11 Jul 2010, 5:09 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5577
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
    O4 - HKCU..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()

    :files
    C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud
    C:\pb32.exe
    C:\Program Files\extra1.dat
    C:\Program Files\alggui.exe
    C:\Program Files\skynet.dat
    C:\Program Files\nuar.old
    C:\Program Files\wp3.dat
    C:\Program Files\svchost.exe
    C:\Program Files\wp4.dat
    C:\WINDOWS\yvivopux.sys
    C:\WINDOWS\ajutiw.sys
    C:\WINDOWS\opavudukul.sys

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive, please move on to ComboFix.

======

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Sneakyone
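
One way to check a returned fix log against a script like the one in the post above, as an added example (not part of the original thread and not OTL's own code). The script and log below are constructed samples that reuse paths and line formats seen in this thread; the function names are hypothetical.

```python
import re

# Constructed sample modelled on the fix script above (paths from the thread,
# list shortened).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [PCDrProfiler] File not found

:files
C:\pb32.exe
C:\Program Files\svchost.exe
C:\WINDOWS\ajutiw.sys
C:\WINDOWS\opavudukul.sys

:commands
[emptytemp]
[reboot]
"""

# Constructed fix log in the line format seen in this thread. ajutiw.sys is
# reported "not found" and opavudukul.sys has no entry at all.
FIX_LOG = r"""
========== FILES ==========
C:\pb32.exe moved successfully.
c:\program files\svchost.exe moved successfully.
File C:\WINDOWS\ajutiw.sys not found.
"""

# Matches only the file/folder result lines; registry and header lines are skipped.
LOG_LINE = re.compile(
    r"^(?:File\\Folder |File )?(?P<path>[A-Za-z]:\\.+?)(?: folder)? "
    r"(?P<result>moved successfully\.|not found[.!])$"
)


def normalise(path):
    """Windows paths compare case-insensitively; drop any trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_fix_script(text):
    """Split a fix script into its ':section' blocks (section name -> lines)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_fix_log(text):
    """Map each path in the log to True if any line says it was moved."""
    results = {}
    for raw in text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue
        key = normalise(m.group("path"))
        moved = m.group("result").startswith("moved")
        # A path can appear twice (moved once, then "not found"); moved wins.
        results[key] = results.get(key, False) or moved
    return results


def reconcile(script_text, log_text):
    """Report, for every path under ':files', what the log says happened."""
    wanted = parse_fix_script(script_text).get("files", [])
    seen = parse_fix_log(log_text)
    report = []
    for path in wanted:
        key = normalise(path)
        if key not in seen:
            verdict = "no log entry"
        elif seen[key]:
            verdict = "moved"
        else:
            verdict = "not found"
        report.append((path, verdict))
    return report


if __name__ == "__main__":
    for path, verdict in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{verdict:<13} {path}")
```

Entries that come back as "not found" or "no log entry" are the ones to re-check in the next scan before treating the cleanup as complete.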


Re: wuauclt.exe is infected

Post by mjomisko on Sun 11 Jul 2010, 5:44 am

It did ask me to REBOOT so I did.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 5577 removed from network.proxy.http_port
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ypcaptuk deleted successfully.
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ypcaptuk deleted successfully.
File C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe not found.
========== FILES ==========
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud folder moved successfully.
C:\pb32.exe moved successfully.
C:\Program Files\extra1.dat moved successfully.
C:\Program Files\alggui.exe moved successfully.
C:\Program Files\skynet.dat moved successfully.
C:\Program Files\nuar.old moved successfully.
C:\Program Files\wp3.dat moved successfully.
C:\Program Files\svchost.exe moved successfully.
C:\Program Files\wp4.dat moved successfully.
C:\WINDOWS\yvivopux.sys moved successfully.
C:\WINDOWS\ajutiw.sys moved successfully.
C:\WINDOWS\opavudukul.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 709929 bytes
->Temporary Internet Files folder emptied: 17200560 bytes
->FireFox cache emptied: 17590103 bytes
->Flash cache emptied: 585 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 748681563 bytes
->Temporary Internet Files folder emptied: 1018406511 bytes
->Java cache emptied: 5229747 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75.000
->Temp folder emptied: 266152575 bytes
->Temporary Internet Files folder emptied: 448184378 bytes
->Java cache emptied: 34915360 bytes
->Flash cache emptied: 45683 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75.001
->Temp folder emptied: 9795161 bytes
->Temporary Internet Files folder emptied: 6598677 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43909091 bytes
->Flash cache emptied: 300 bytes

User: Compaq_AdministratorYOUR-4DACD0EA75

User: Default User
->Temp folder emptied: 709929 bytes
->Temporary Internet Files folder emptied: 810744 bytes

User: Elani
->Temp folder emptied: 51965 bytes
->Temporary Internet Files folder emptied: 309191 bytes
->Flash cache emptied: 300 bytes

User: Elani's
->Temp folder emptied: 893739 bytes
->Temporary Internet Files folder emptied: 5948082 bytes
->FireFox cache emptied: 3501250 bytes
->Flash cache emptied: 2605858 bytes

User: Elani.YOUR-4DACD0EA75
->Temp folder emptied: 9369316240 bytes
->Temporary Internet Files folder emptied: 2240252016 bytes
->Java cache emptied: 19610340 bytes
->FireFox cache emptied: 65019394 bytes
->Flash cache emptied: 315119 bytes

User: Elani.YOUR-4DACD0EA75.000
->Temp folder emptied: 2674497841 bytes
->Temporary Internet Files folder emptied: 1207748679 bytes
->Java cache emptied: 36368816 bytes
->Flash cache emptied: 174793 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 14052380 bytes
->Flash cache emptied: 596 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 108195118 bytes
->Java cache emptied: 2476 bytes
->Flash cache emptied: 56206 bytes

User: pat
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58707 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 376182173 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 709929 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 810744 bytes
RecycleBin emptied: 114024899 bytes

Total Files Cleaned = 17,986.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07102010_141333

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\GH6FO9QR\;sz=400x400;agr=0;gen=M;page=21003206;pos=mrec;tvvc=2;tvvid=22600515;tvch=54308200;u=tvch=54308200,tvvid=22600515,page=21003206;tile=1;ord=68659[1].asx not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8T8V034B\;dcopt=ist;kw=Phyllis+Reynolds+Naylor;scat=;pcat=literature;pos=1;tile=1;sz=300x250;csrc=2772;csrc=2769;csrc=2741;csrc=2611;csrc=2273;csrc=2323;csrc=1966;csrc=2572;csrc=[1].htm not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\4LAZ09IF\click,jgIAAG6GBADVxQoAE6kDAAIAAAAAAP8AAAAHDQIAAgKSrgEAOYcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAErz20cAAAAA,http%3A%2F%2Fus.ard[1].com%2Fartist%2Flyrics%2F39443083,;ord=1205597002 not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\4LAZ09IF\dref=http%253A%252F%252Fm[1].reply%2526friendId%253D9321910%2526type%253DInbox%2526messageID%253D258256043%2526fed%253DTrue%2526MyToken%253Db2dc484a-26cd-44ee-a3f0-77314ce6d2d7 not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2D864QG9\;sz=400x400;agr=0;gen=M;page=21003206;pos=mrec;tvvc=2;tvvid=23915154;tvch=102480794;u=tvch=102480794,tvvid=23915154,page=21003206;tile=1;ord=98358[1].asx not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2D864QG9\;sz=400x400;agr=0;gen=M;page=21003206;pos=mrec;tvvc=2;tvvid=543960;tvch=59952749;u=tvch=59952749,tvvid=543960,page=21003206;tile=1;ord=78028[1].asx not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\2D864QG9\dref=http%253A[1].com%252Fusers%252Forangepearlvoice%252Fquizzes%252Fwhat%252520mermaid%252520melody%252520character%252520are%252520you%25253F%252520%2528girls%2521%2529%252F not found!
File\Folder C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TYJGH6N\;sz=400x400;agr=0;gen=M;page=21003206;pos=mrec;tvvc=2;tvvid=21711799;tvch=54308200;u=tvch=54308200,tvvid=21711799,page=21003206;tile=1;ord=79133[1].asx not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\7YCALV3UK8CAS470DQCAO347DOCA1SODMLCAW9SLP6CA60GHNDCA89BE1PCAZA4STDCAYXJY9RCAR79QATCAY881STCA8AQKT8CAEQ0VNTCAYU9G3UCA12XY54CA6QT5LQCAE4QVB8CA4Y4G3VCAF1XJGTCAA0WU5ZCALG1NOE not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\AACAAJVP5MCASCX9KDCARO2NJPCALACNCKCARSESM6CABD4LN8CAOLV6U1CAAK8OUJCA2X7QNWCAEQVUDJCAXOYOTHCAU2WP4CCADK4LF3CAY8GPX5CAZR6GR2CASBISLCCARORFU3CAWAUBG2CAV43QBRCAMGBM52CAQ14WZP not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\C2CAL742VCCAXOOYNMCABJI899CAOPM42PCA95LU2MCAB8SPOWCAUR6PQOCAUH9Y2ICAMRDML0CA61C3CECAJBD3K7CAW9CSHZCAAVFMBPCA23UPHICAM9R94XCA9KPUWECAU9KRK8CA4D7QJUCA7DZMDRCAMNMOYPCARCTBG9 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\CSCASSDYSQCA33FFGACA26207QCAQ5KHWNCAZKICR0CAVGS6MSCA1PWH6ICAJOIW05CAJ97HF0CAPJ3TEVCAW2651DCAY07M7YCA1VLIZCCAXX5ELFCAT76R02CA5DWFO3CAXSO7RVCA78GVUVCARUFFRHCA2C7XG2CA0FHAHD not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\promo3;sz=300x50,300x100;kl=N;kga=1001;kar=3;klg=en;kage=20;kgg=2;kt=U;kcr=us;kgender=f;dc_dedup=1;kmyd=ad_creative_5;tile=5;ord=3629686073997818[1] not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\RDCAK5DQZSCAJ2R4LUCAQQEACQCATI62ZSCAPXO6MZCATSLJMNCAAWNH44CA98AY31CAHZZ9AOCA6Q8V19CAE2DQ11CA9X0XJECAQ2KDKFCA5ASHR6CAMFQ6KLCA9DWL22CAY56YJYCAPA58P7CA3IAD9WCAFFTGBOCAZUD77L not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\SICAVEA4NPCAA0O6ASCA3LCCIVCANHQXQZCAT1NH72CAFOEVXECASJ4DK0CAI9GOENCAM0LMV7CA2RAF8PCA9ETHF7CACD32ZZCALLKK0XCARFZA80CAQ7BDL1CAFM9VP4CAM7R7EUCAC0UAHLCAN53KD5CASHOERMCAKWCB42 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\Z1CAFJEU2FCAU5LPSDCA54DIMCCA64CAT0CAW9A8XDCAZ8IMEICA18WR3TCATEMC3RCAQP7HQBCAIP37NHCAU2SKFQCAR7W8RECAXGJV10CAJRMVH7CAG306Z7CAH3RIKVCA9XTBE6CANG9PGRCA0PDMEOCA45ZO6KCARSMC5R not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\ZSCA1859M0CAYFM9UKCAP2ZD7PCALF1SSACA6OPIIZCA4C04CUCAAYLMQBCAMU8V5YCA3TP217CA24KH0ACAMPNGARCAGIHTLBCA7UICK4CAMOO1UHCAV6TYXSCAX2AHDMCA63YIIICAK7S8YACAOJRBVICATKH8YBCAKTWDJC not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\TF473GIP\ZVCAVP56PSCA9T6RTLCAWA0O7QCAW4W9P3CAQ8LOFTCA8QR5SOCABUAA6OCAKAQVVQCAME1GR0CALAXXUWCAYB06ESCAR5PJG8CAEFACMYCAP3GGIUCAOWTMVGCA6TKHGICAAIUX8DCAB8FL02CAS6TKZ3CAN24QXFCAPDQDQH not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS9E1S6P\8ECANO79RPCAFO0Y3LCA9ZWP1NCAW1FJUICAEFG9Y8CA9L80R2CA5XJQZ6CABT6QNYCAJGL3QMCA2PDMG1CA8R4NCOCATV7QQGCAE3N97SCA01D969CATWOEF5CAT401HTCAUMALONCAAAV8QJCA9Y7IH8CARJAH4BCA2PC87Z not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS9E1S6P\promo1;sz=300x50,300x100;kl=N;kga=1001;kar=3;klg=en;kage=20;kgg=2;kt=U;kcr=us;kgender=f;dc_dedup=1;kmyd=ad_creative_3;tile=3;ord=9496988669000552[1] not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS9E1S6P\W1CAEJ7IBJCANDHJNQCAFQ5PUXCAU5JJWECAJ06R70CAIQ1FKSCAT8FA1GCAV95HF0CA6LN1HTCA4JR751CATVPF3VCAEYZEEFCARFJANMCAGSP8YXCAHX0ZYPCAST632CCAF1KZAWCATKWXSXCAZS1VNHCA12EPUOCA1M7332 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\JS9E1S6P\_default;sz=960x250,960x110;kl=N;kga=1001;kar=3;klg=en;kage=20;kgg=2;kt=U;kcr=us;kgender=f;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=429815789715274[1].htm not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\0YCAQCNPM3CA8OV6NFCAJRY5XNCAS6YHJECAIB42JUCA452WZ8CALR1Y1LCAR4X0TMCAJ2MLDQCACVTO9BCAKCIMCPCAP21J7VCAORPCXKCAUATRXNCAKLFZ5XCAO5CRF8CAXR02GKCA0P03WXCA2I8OS7CASBY5LICA2KK3UP not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\2VCAQEYZTZCAH8EDAECAN5Y8M8CA1PC7UJCAF7DQVUCAOW3E42CA3RBLSLCAI6LTQZCAY43BP7CABFHNEICA1ZEDIECAPO39QBCA5F7MKOCAPIKSIFCAHNGUESCAXIK7ETCAW05BTTCAKCFNRWCAZFM3KSCABJLKV1CAHQ26KD not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\7FCA3V74RBCAUFFMK0CA60KH50CA5U4VB7CA11BHNFCAV864K9CATTDFOTCAFQPP9HCANIF0MLCAPPB2B3CAEKHQ5KCANVS846CA0SJTAFCAO2YCERCAOZ31PRCAJEELMRCA5NUWM3CA02ZK5OCAYRRZ23CA0QPFM6CAEE1YK3 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\8TCAKOTVP3CA3BNROZCAF214H7CA30BUXSCAT6H58TCAE8KPBWCAH46KF9CA2VQ19GCAAEK9XSCAXM2094CA9CJR84CA9XMG6XCALX5HWTCANX73B3CAW2DERDCA3NJWPDCAFLOM2LCA66H0JICADMJVAFCA2MB9Q5CAJVIWKM not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\BVCAFTZSTWCAU8E6V5CAKROIHWCARZ7LHXCAFHGMYVCABC6IVICA7TU1SWCAQFYT4ACAF8PUF3CAM0OWU4CA70HZ0OCAJ8DH92CADF3TB2CAQD0EIECARCELZ3CAMTQW8ACA8DFTCHCAR5D3L9CAJKDJHOCAN6THK5CAN3FH7D not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\GRCA7N7Z6BCAXBSE4ECAIQV590CA06F38JCA0YVAC6CAJRAS43CAQI4LP3CA8BV29NCATQ0D26CAN7NZ0QCAQMOGS7CAE32KGJCAPT4U3PCA0EIJYKCA5CPFO8CAU35T2OCA738MN5CAVQVJHLCAAJHS4UCAOD2QHJCA75K65F not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\IQCAUJWLAZCAFNQBSLCAGYHUWSCAL7L5NSCAB2WHPPCANY6VEUCAE7POO6CA7YS7BWCALROF7VCAXA6QVBCAAXQY41CAC3YGD4CARM4UIICA21BTOACAL8TV7HCAFRYX1DCAD1J7M0CAL2FTFPCAL3T2RBCAD47C3CCAEQJPRN not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\K1CABCHGG4CALUP7D7CADV6V3DCABKTY9MCAFFV0WSCABBOOCDCA3YWLKPCAZU0JRNCAFGOM43CAGR2K5XCACII7A9CA8K7CCNCARJWLF4CARZP2IICAJ04KYXCAHJJY1ACA69RDX0CAXG9F0VCA491WNVCAA6XDSWCA05Q0DT not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\NXCAVMOKEPCAL47OEGCARHACWQCATC08E3CA95KPXNCASZ3QF1CAR01M5PCA2DAQIFCAF112SGCA4HN65RCA0AXFKLCAOJJ9LHCAOXOV8FCA41KHE5CASNKROCCA552M8KCAKWGT5ZCAL687ZBCAAFU7OZCA3J1BSSCAT7RSK6 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\QHCAVZ9B74CAFBPTGWCAH96JRRCAVY9CKUCAUY0403CAPRNZ3CCA3G9O3TCAT6SY60CAZY4M3QCAF8P9SRCADZMQE7CAL9H16NCAIQRTF6CAAYTHECCAIM1RDJCA3OP6F9CA8D1DK0CAUA2SOQCA021G4WCACU69WNCAZQXNFY not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\SHCAIJU6LUCAVRLYWZCA5SH8E1CAJE8Y1BCAVTQGPACA9Y2AJUCAEAR4ZDCA1Q2Z1KCAWJKTM6CA9H2PEACAVKBJ36CAAPR4ESCA62XPEWCAZ2VSWACA90HQ4YCAKJ18COCAP9LJGQCAY3KHD1CARRYPRCCA8QYGRUCA5DVUR1 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\USCAGP08FBCA38DVDYCAHYR87MCAN9F2U2CAI1OJXUCA21J9WBCA2A9VWWCAFLZGIACARTPN4CCAQZLQ0KCAMYCODVCA0HYROVCA2OUS7ZCAW76YBPCARBAOLGCA1HYXE6CAT6TBUICAZXEGI6CAFDVLMRCAQRNNHDCAXPSDAP not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\WHCAH6ROFYCACXII6ICA8NLN2RCA0XTQNQCAW8B15TCAGIQ45WCAVSL5J6CAG523MYCABRSASCCA3H1YTYCAWAXZ4XCA4A7DTCCAMP8HN4CA0S430NCA3M6093CAA8HIIPCAMGHY0ECA8ZAX0KCACBIQPMCA0T9Q6TCASXX1X5 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\B02Y1L05\YTCA4F5DP1CAJODW8XCAK6IZWUCA3TOORECA8ENPMUCA5476PCCACXP10PCAC72NUJCAOY9B69CANP3FKXCAWE5KINCAQ711TYCAKJ5K9CCAB3XKG2CAH73HY6CA9OG2C9CAJPT67QCAIVRKW8CAVRY4OZCAH0KXBDCARCTAHC not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\2WCA1PHQOQCAXPQW5ACASXL9XHCAXXWOB1CADQ7GBACA8SLVT6CA1NKCOUCAAZKJ7HCAYU5PIOCABSKMDTCA2WRD20CAEYXK5OCAKKSUWNCAV9SMGPCA6JNVA6CAXF555OCA6EBUR1CAQ9SP93CA1PS32WCAX1PE62CAKI3D75 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\3CCA70MHORCAOES5JXCAGMQRI7CAHPG4XGCA1H436PCAGD072MCANB63S7CAO7KFASCAOTG7FQCARW8O9YCAIADDGTCA7BBZM5CA1YVZWZCAY0GTBCCAN0RNTHCA0S6VXMCADIDOA0CAGSWI84CAURDQ1KCAZ4C1PHCAS82A4L not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\3CCAIK972MCAZKW9EUCAPQ0M22CAQRB9EZCA55X8SBCADRK28LCAK40UBDCAW31KQ8CA1TU834CA5JYH0CCAX4DQY2CAMIBZ9CCAC5TIKUCAJJUXXKCA853QN2CA6UAGG5CA5DVUK2CAAS21SUCAPDPK8PCA7TB50CCA1SA6UQ not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\DctMTFkZS04NTM2LTAwMWU2ODQ5ZWY5ZgAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.myyearbook.com%2F%2Fajax%2Fsecretadmirers%2Fmatch_ads_top[1].php%3Fmybt%3D1250305223031,;ord=1250305227 not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\FCCAVYO64WCAARZQ8QCAWNE3ILCA4F8JI8CAJ8OWAQCALHV6MJCAHMSSIRCAFXJY2ICADH0SO8CAX2MNH8CA4ICWMICAZVAUC2CA5BIZ3GCARS7KUPCAD92IA7CA65LQG6CA88SGK1CAEXDHQRCAXZIG7LCANMFB2ZCAK2CQ1Z not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\promo2;sz=300x50,300x100;kl=N;kga=1001;kar=3;klg=en;kage=20;kgg=2;kt=U;kcr=us;kgender=f;dc_dedup=1;kmyd=ad_creative_4;tile=4;ord=9576259428295160[1] not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\QTCA20WHCGCAEIHISVCAUCXI3CCAZ4DY7CCAPOK22FCAQTDMYSCAQGBWRKCAGGV15XCAYW5EF8CAS18PO6CA7IPDLDCAMZO9E7CAQ6TQ5NCAHFOI9WCA0MXKKHCAI75TT6CAPPU770CAEY291TCA1KWFOFCAJML0DUCAG81M0M not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\RSCA2LZOE0CAC2C9FRCATYBMUSCAMFNW06CADQHZ7ACAMI9F3YCAW9AFVHCAR1I041CAHAULO7CAFY6NTNCA26GR8ECA02M4BSCAQ2ROF5CA3GAGHOCAS35V51CA7VQJXHCA0G8BFICAPL3CX4CA6SHKPZCAHCQ7R7CAFOMQ5A not found!
File\Folder C:\Documents and Settings\Elani.YOUR-4DACD0EA75\Local Settings\Temp\Temporary Internet Files\Content.IE5\AFGVMWPY\V8CAJ1VEMRCAFUZJ4BCAE96F81CAQRN6VMCAOJQHMDCAU4KBI6CAVY4DBECAH4KRISCAA06828CAWM0UZACA745288CAQCJRGVCAUDNK58CA1UZX33CACCAPHQCAJ0YS56CA1VL3H9CAID915QCADIIS6ICAZQIT4MCAU9JJBG not found!

Registry entries deleted on Reboot...

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Sun 11 Jul 2010, 11:26 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: wuauclt.exe is infected

Post by mjomisko on Mon 12 Jul 2010, 2:48 am

Somehow I thought I understood that you only run ComboFix if the step before it didn't work so I left my daughter's without doing it. When I got home and reread it I realized that I hadn't finished but it was too late at night to go back. It looked like Windows Recovery Console was something I should have on my own computer so I ran it. It was late at night when I did it and I got tired while waiting for it to run (commy.exe) so I went to bed. This morning it looked like the computer rebooted but when I signed on it continued searching and produced a log, which I've saved. So now my problem is that when I try to get onto the internet (IE & Firefox) it says that an Illegal operation was attempted on a registry key that has been marked for deletion. I thought I saved the log to the desktop so I just searched for it, thought I found it and sent it to the flash drive so I could send it now. When I tried to open it on the laptop the file had nothing in it. I went back to my computer and when I try to open it, I get the same error message. I tried searching in Safe Mode and the file doesn't show up. I tried rebooting into Safe Mode with networking to see if I could get on the internet and now I can't even get into Safe Mode. I'm afraid I've really messed up. Is there any hope? Thank you again for your time.

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Mon 12 Jul 2010, 4:49 am

Hi,

Not sure about that error, I saw someone with that error yesterday, I doubt the machine is borked, but it is nothing I can't fix. I will ask my instructors about it when they get on MSN.

As for now, let's continue on with the removal.

First reboot and try to go into normal mode, if not go into safe mode with networking and try this:

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Sneakyone


Re: wuauclt.exe is infected

Post by Sneakyone on Mon 12 Jul 2010, 5:55 am

Hi,

Scratch those instructions, please open System restore, you can do this by going to 'Run' and type 'System Restore' and there should be a restore point ComboFix made, please go back to that restore point and see if you still get the error.


Sneakyone


Re: wuauclt.exe is infected

Post by mjomisko on Mon 12 Jul 2010, 10:51 am

When I download ComboFix it didn't give me the option to change its name and didn't appear on my desktop but I can run it (XP). What should I do?

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Mon 12 Jul 2010, 10:56 am

Do you still get the "Illegal operation error"?


I'm livin' life in the fast lane.


Sneakyone


Re: wuauclt.exe is infected

Post by mjomisko on Tue 13 Jul 2010, 6:43 am

"Illegal operation error"? I don't get it on either machine. I thought I had replied and asked if I should do the ComboFix thing but now I don't see that post. Should I still follow the directions for that, on my daughter's machine?

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Tue 13 Jul 2010, 10:10 am

Hi,

Try running this on the infected machine:

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Sneakyone


Re: wuauclt.exe is infected

Post by mjomisko on Tue 20 Jul 2010, 1:29 am

I have been unable to work on my daughter's computer so I had her try to work on it. She is having a problem completing the last step (ComboFix). She can't seem to rename it and when she tries to run it nothing happens. I will have time to go over there later today but just in case I am not successful I wanted to know if there is something else I can do? Thanks again!

mjomisko


Re: wuauclt.exe is infected

Post by Sneakyone on Tue 20 Jul 2010, 6:25 am

Hi,

Don't worry about renaming it, you can just run it as is.



Sneakyone

