wuauclt.exe is infected


wuauclt.exe is infected

Post by mjomisko on 9th July 2010, 2:14 pm

My daughter's computer (running XP) has multiple problems and is unusable at the moment. I see two pop-ups on it. One says wuauclt.exe is infected and the other says discstreamhub.exe is infected. I'm not sure but I don't think this is all that is wrong with it. I just registered on this site and have done a little of the intro reading about how to get started. Should I worry about Adobe and Java being updated before we begin working on her computer? Also, should everything done, while trying to fix it, be done in Safe Mode?

mjomisko
Intermediate
Posts : 53
Joined : 2010-07-09
OS : vista
Points : 24071
# Likes : 0

Re: wuauclt.exe is infected

Post by Sneakyone on 9th July 2010, 4:35 pm

Hi,

Please run this in normal mode.

Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

=========

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56124
# Likes : 0

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 1:09 am

I found out that they can't open the internet. The pop-up says "AV Security Suite Demo". It looks like a "Windows Security Alert." If you click on it, it wants you to run a virus scan and you can never actually get on the internet. I was on it last night in Safe Mode but your instructions say to do it in normal mode. I'll wait for further instructions.

Re: wuauclt.exe is infected

Post by Sneakyone on 10th July 2010, 1:12 am

Hi,

Please run it in Safe Mode if it will not download/run in normal mode.

Re: wuauclt.exe is infected

Post by Sneakyone on 10th July 2010, 1:17 am

Hi,

Please run them in Safe Mode, if they will not run in normal mode.

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 3:19 pm

This is the message I got when I ran RKill.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Compaq_Administrator on 07/10/2010 at 11:16:53.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\rkill.scr


Rkill completed on 07/10/2010 at 11:16:55.

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 3:49 pm

I ran a scan on OTL and it looked like it was reading the files, then at the bottom there is a message that reads "Manual File Scan - Getting folder structure...." It seems to be frozen at that point. The notepad windows never open up. What to do???

Re: wuauclt.exe is infected

Post by Sneakyone on 10th July 2010, 3:58 pm

Hi,

Please end the scan, and redo the scan without the custom scan.

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 4:04 pm

I just reposted the results of the OTL custom scan. What about the RKill scan?

Re: wuauclt.exe is infected

Post by Sneakyone on 10th July 2010, 4:07 pm

Hi,

Don't worry about posting the Rkill log; please just post the OTL logs. You may need to split them into multiple posts.

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 5:38 pm

OTL logfile created on: 7/10/2010 11:29:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 84.61 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.18 Gb Free Space | 2.15% Space Free | Partition Type: FAT32
Drive E: | 2.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/05 03:37:18 | 001,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/05/05 03:24:23 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2006/03/16 02:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/16 02:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2005/09/24 15:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2005/09/17 00:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/09/17 00:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/17 00:27:02 | 000,052,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/05 03:24:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/09 21:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2006/05/05 03:37:18 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/10/13 08:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 15:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 11:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 00:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 00:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2006/05/05 03:37:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/16 09:00:00 | 000,321,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/24 19:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/19 11:23:52 | 000,196,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/09/19 11:23:48 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/19 11:23:40 | 000,031,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/09/19 11:23:36 | 000,027,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/09/19 11:23:32 | 000,109,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/09/19 11:23:26 | 000,012,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/09/17 00:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/01 19:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5577
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 20:10:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 20:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/05/05 03:08:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2006/05/05 03:16:02 | 000,000,000 | ---D | M]

[2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Extensions
[2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\extensions
[2009/09/07 14:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: )
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
O4 - HKCU..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/08/28 15:18:23 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2009/08/28 15:23:36 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009/08/28 15:23:37 | 000,715,840 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2009/08/28 15:23:31 | 000,000,180 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009/08/28 15:23:36 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 4.0 & Silverlight 3.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{f548df6a-9bbd-4268-a68b-92f1e425c085} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/10 11:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
[2010/07/10 03:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/08 20:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
[2010/07/08 20:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla
[2010/07/08 13:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Macromedia
[2010/07/08 13:18:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Videos
[2010/07/08 07:42:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
[2010/07/08 07:42:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
[2010/07/08 07:41:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
[2010/07/08 07:41:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Music
[2010/07/08 05:13:16 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/07/08 05:06:38 | 002,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/07/08 05:06:38 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/07/08 05:06:37 | 002,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/07/08 05:06:37 | 002,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/07/08 04:46:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/06 13:50:19 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/07/06 13:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/07/06 13:19:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/07/06 13:19:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/07/06 13:19:07 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/07/06 13:19:07 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/06 13:19:05 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/07/06 11:14:29 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/06 10:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
[2010/07/06 10:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud
[2010/07/06 10:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Sun
[2010/07/06 10:57:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
[2010/07/06 10:00:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Documents
[2010/07/06 09:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LimeWire Saved
[2010/07/06 09:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Documents
[2010/07/06 09:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\LimeWire Saved
[2010/07/06 09:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Incomplete
[2010/07/06 09:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
[2010/07/06 09:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Adobe
[2010/07/06 09:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\needapai
[2010/07/06 09:26:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Recent
[2010/07/06 09:25:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/06 09:25:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/07/06 09:17:14 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/07/06 09:15:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft
[2010/07/06 09:15:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data
[2010/07/06 09:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\My Pictures
[2010/07/06 09:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Favorites
[2010/07/06 09:15:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Cookies
[2010/07/06 09:15:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Wildtangent
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Real
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Intuit
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Identities
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\HPQ
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\HP
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Google
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\ApplicationHistory
[2010/07/06 09:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2010/07/06 09:15:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\SendTo
[2010/07/06 09:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Start Menu
[2010/07/06 09:15:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents
[2010/07/06 09:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Templates
[2010/07/06 09:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrintHood
[2010/07/06 09:15:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\NetHood
[2010/07/06 09:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\WINDOWS
[2010/07/06 09:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/06 08:00:20 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/07/04 08:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/07/04 08:31:33 | 000,372,224 | ---- | C] (Intsys) -- C:\Program Files\adc_w32.dll
[2010/07/04 08:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sysinternals Antivirus
[2010/07/02 21:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\otoctrqmg
[2010/06/27 17:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/06/25 17:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/06/24 05:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2010/06/22 10:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/06/22 10:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/06/21 16:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/21 16:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/17 08:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/10 11:29:30 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\NTUSER.DAT
[2010/07/10 11:29:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
[2010/07/10 11:17:16 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
[2010/07/10 11:02:52 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/07/10 11:01:34 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/09 21:17:12 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/09 21:17:12 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/09 21:17:11 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/09 21:12:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 21:12:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 21:12:34 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/09 21:12:32 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 20:55:59 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/09 20:47:40 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/09 20:31:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 09:35:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.ini
[2010/07/08 20:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 13:18:36 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/08 07:41:27 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/06 13:50:19 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2010/07/06 13:48:05 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/06 12:16:57 | 000,000,160 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/07/06 12:04:42 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/06 09:45:15 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 09:26:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/06 09:25:39 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2010/07/06 09:23:01 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/07/06 09:22:58 | 000,001,871 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
[2010/07/06 09:22:01 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2010/07/06 09:13:12 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/06 09:11:25 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/07/06 09:10:37 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/05 17:52:26 | 000,000,003 | ---- | M] () -- C:\Program Files\wp3.dat
[2010/07/05 17:52:24 | 000,000,066 | ---- | M] () -- C:\Program Files\wp4.dat
[2010/07/05 17:40:09 | 000,097,792 | ---- | M] () -- C:\Program Files\alggui.exe
[2010/07/05 17:40:03 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/07/05 11:25:19 | 000,372,224 | ---- | M] (Intsys) -- C:\Program Files\adc_w32.dll
[2010/07/05 09:01:49 | 000,179,200 | ---- | M] () -- C:\pb32.exe
[2010/07/05 09:01:48 | 000,000,000 | ---- | M] () -- C:\Program Files\extra1.dat
[2010/07/05 06:10:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/04 08:32:31 | 000,000,036 | ---- | M] () -- C:\Program Files\skynet.dat
[2010/07/04 08:31:31 | 000,000,009 | ---- | M] () -- C:\Program Files\nuar.old
[2010/07/04 08:31:29 | 000,059,392 | ---- | M] () -- C:\Program Files\svchost.exe
[2010/06/25 06:28:26 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Store Edition.lnk
[2010/06/25 06:28:25 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Best of Business Collection.lnk
[2010/06/24 06:44:43 | 000,002,130 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 University Life Collection.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 20:31:42 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 20:09:27 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/08 13:18:36 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/08 07:42:29 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
[2010/07/06 13:48:05 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/06 13:43:53 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
[2010/07/06 12:27:53 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\LuResult.txt
[2010/07/06 09:40:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 09:25:39 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2010/07/06 09:22:56 | 000,001,871 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
[2010/07/06 09:15:51 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Rhapsody.lnk
[2010/07/06 09:15:50 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk
[2010/07/06 09:15:50 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2010/07/06 09:15:50 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/07/06 09:15:50 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/07/06 09:15:50 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/06 09:15:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/06 09:15:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
[2010/07/06 09:15:41 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\NTUSER.DAT
[2010/07/06 09:15:41 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.dat.LOG
[2010/07/06 09:15:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.ini
[2010/07/06 09:11:20 | 000,002,085 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Latino 3 Meses Incluidos.lnk
[2010/07/06 09:11:20 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 3 Months Included.lnk
[2010/07/06 09:11:20 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2010/07/06 09:11:20 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2010/07/06 09:11:20 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Browser.lnk
[2010/07/06 09:11:20 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3 Month Trial AOL Music Now.lnk
[2010/07/06 09:11:20 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken New User Edition 2006.lnk
[2010/07/06 09:11:20 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Extended Service Plans.lnk
[2010/07/06 09:11:20 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/07/06 09:11:19 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2010/07/06 09:11:19 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My HP Games.lnk
[2010/07/06 09:11:19 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Rhapsody.lnk
[2010/07/06 09:11:12 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2010/07/05 09:01:49 | 000,179,200 | ---- | C] () -- C:\pb32.exe
[2010/07/05 09:01:48 | 000,000,000 | ---- | C] () -- C:\Program Files\extra1.dat
[2010/07/04 08:31:36 | 000,097,792 | ---- | C] () -- C:\Program Files\alggui.exe
[2010/07/04 08:31:31 | 000,000,036 | ---- | C] () -- C:\Program Files\skynet.dat
[2010/07/04 08:31:31 | 000,000,009 | ---- | C] () -- C:\Program Files\nuar.old
[2010/07/04 08:31:30 | 000,000,003 | ---- | C] () -- C:\Program Files\wp3.dat
[2010/07/04 08:31:29 | 000,059,392 | ---- | C] () -- C:\Program Files\svchost.exe
[2010/07/04 08:31:29 | 000,000,066 | ---- | C] () -- C:\Program Files\wp4.dat
[2010/07/02 05:38:39 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/06/25 06:28:25 | 000,002,139 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Best of Business Collection.lnk
[2010/06/24 06:44:43 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Store Edition.lnk
[2010/06/24 06:44:43 | 000,002,130 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 University Life Collection.lnk
[2008/11/01 19:31:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
[2008/10/18 13:15:55 | 000,011,380 | ---- | C] () -- C:\WINDOWS\opavudukul.sys
[2008/10/12 21:02:10 | 000,010,921 | ---- | C] () -- C:\WINDOWS\ajutiw.sys
[2008/10/12 21:02:10 | 000,010,831 | ---- | C] () -- C:\WINDOWS\yvivopux.sys
[2007/07/14 08:23:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/07/02 10:04:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/11 15:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/22 19:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/09/17 09:03:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/17 08:00:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/05 03:48:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/05 03:27:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/05 03:23:33 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/05 03:23:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/05 03:20:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/05 03:19:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 03:09:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/05 03:08:38 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/05 03:02:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/05 02:59:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/05 02:59:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/05 02:59:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/05 02:59:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/05 02:59:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/05 02:59:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/05 02:59:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/05 02:57:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/05 02:37:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/05 02:37:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/05 02:37:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 07:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 04:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 13:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 13:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< %systemroot%\system32\*.sys >
[2004/08/09 21:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/05/05 03:23:33 | 000,012,988 | ---- | M] () -- C:\WINDOWS\system32\CHODDI.SYS
[2004/08/09 21:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/09 21:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/09 21:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/09 21:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/09 21:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/09 21:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/09 21:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/09 21:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/09 21:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/09 21:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/09 21:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/09 21:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/09 21:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/09 21:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/09 21:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/01 22:56:34 | 001,850,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

mjomisko
Intermediate

Posts : 53
Joined : 2010-07-09
OS : vista
Points : 24071
# Likes : 0

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 5:39 pm

< %SYSTEMDRIVE%\*.* >
[2008/08/06 09:14:20 | 002,771,487 | ---- | M] () -- C:\02 - Young Buck - Hip Hop Cant Save My Life.mp3
[2009/11/13 14:48:19 | 006,019,587 | ---- | M] () -- C:\Across the Universe - Hey Jude.mp3
[2009/11/13 15:37:54 | 005,387,605 | ---- | M] () -- C:\Air Gear - BACK-ON - 01. Chain(1).mp3
[2009/11/13 15:45:41 | 003,889,459 | ---- | M] () -- C:\Alanis Morissette - You Learn.mp3
[2008/07/22 15:48:43 | 000,003,445 | -HS- | M] () -- C:\AlbumArtSmall.jpg
[2008/07/22 15:48:43 | 000,015,775 | -HS- | M] () -- C:\AlbumArt_{3D0648B1-B346-4847-BB66-E23D7C0A621D}_Large.jpg
[2008/07/22 15:48:43 | 000,003,445 | -HS- | M] () -- C:\AlbumArt_{3D0648B1-B346-4847-BB66-E23D7C0A621D}_Small.jpg
[2008/07/22 15:48:36 | 000,006,929 | -HS- | M] () -- C:\AlbumArt_{E7934039-4872-41E5-A227-2342DBBA64E9}_Large.jpg
[2008/07/22 15:48:36 | 000,002,249 | -HS- | M] () -- C:\AlbumArt_{E7934039-4872-41E5-A227-2342DBBA64E9}_Small.jpg
[2009/11/15 18:53:30 | 002,935,500 | ---- | M] () -- C:\Alvin and The Chipmunks - Witch Doctor(remix).mp3
[2010/02/27 13:47:05 | 000,422,966 | ---- | M] () -- C:\AnalysisLog.sr0
[2009/11/15 18:51:40 | 004,866,146 | ---- | M] () -- C:\asereje ketchup vocaloid.mov
[2009/11/13 14:23:25 | 003,488,456 | ---- | M] () -- C:\Ashlee Simpson - Follow You Wherever You Go.mp3
[2005/08/30 21:02:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/01 18:25:39 | 005,684,072 | ---- | M] () -- C:\Avenged Seven Fold - Almost Easy.mp3
[2009/11/13 14:25:35 | 007,969,246 | ---- | M] () -- C:\Avenged Seven Fold - Bat Country.mp3
[2009/11/13 14:27:31 | 005,533,375 | ---- | M] () -- C:\Avril Lavigne - 04 - The Best Damn Thing.mp3
[2009/11/14 15:51:14 | 003,993,235 | ---- | M] () -- C:\Avril Lavinge - Keep Holding On.mp3
[2009/11/13 13:36:10 | 005,508,646 | ---- | M] () -- C:\back naruto openings heros.mov
[2009/11/14 15:51:28 | 010,523,461 | ---- | M] () -- C:\Beyonce - Halo(1).mp3
[2009/11/13 13:25:36 | 020,784,108 | ---- | M] () -- C:\Beyonce - Single Ladies (Put A Ring On It) OFFICIAL VIDEO.mp4
[2009/11/14 15:51:37 | 007,829,782 | ---- | M] () -- C:\Beyonce - Single Ladies (Put a Ring on it).mp3
[2009/11/13 14:29:49 | 003,683,320 | ---- | M] () -- C:\Black Eyed Peas - Where Is The Love.mp3
[2009/11/13 14:29:59 | 004,025,803 | ---- | M] () -- C:\Black Eyed Peas - Pump It.mp3
[2010/02/01 17:53:24 | 004,373,956 | ---- | M] () -- C:\Bob Marley - Buffalo Solider.mp3
[2010/02/01 17:52:51 | 003,871,812 | ---- | M] () -- C:\Bob Marley - Dont Worry Be Happy.mp3
[2009/11/13 13:34:21 | 005,130,449 | ---- | M] () -- C:\Bob Marley - Red Red Wine(1).mp3
[2008/06/18 11:16:57 | 005,134,545 | ---- | M] () -- C:\Bob Marley - Red Red Wine.mp3
[2009/11/13 14:32:23 | 005,386,035 | ---- | M] () -- C:\BOB MARLEY- red red wine.mp3
[2008/11/15 07:00:40 | 000,009,491 | ---- | M] () -- C:\bold.log
[2010/07/06 09:10:37 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/07/06 09:26:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/13 14:33:17 | 002,858,872 | ---- | M] () -- C:\Caramell_-_Caramelldansen_(Speedycake_Remix).mp3
[2009/11/13 14:33:41 | 006,269,860 | ---- | M] () -- C:\Celion Dion - A New Day Has Come.mp3
[2009/11/14 15:51:51 | 005,321,832 | ---- | M] () -- C:\Chain- Air Gear opening theme.mp3
[2009/11/14 15:52:01 | 003,370,441 | ---- | M] () -- C:\Chris Brown - Forever.mp3
[2010/02/01 18:17:41 | 003,458,550 | ---- | M] () -- C:\Cindy Lauper - 80s music - Time After Time.mp3
[2009/11/13 15:06:07 | 003,024,695 | ---- | M] () -- C:\Cindy Lauper - Hey Mickey.mp3
[2010/02/01 17:50:36 | 003,675,366 | ---- | M] () -- C:\Cindy Lauper - True Colors.mp3
[2010/02/01 18:18:43 | 003,600,418 | ---- | M] () -- C:\Classical Mozart- In the hall of the Mountain King (techno remix).mp3
[2004/08/09 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/30 21:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/13 15:46:51 | 005,554,176 | ---- | M] () -- C:\Crazy Frog - In Da House.mp3
[2008/11/01 19:30:32 | 000,036,870 | ---- | M] () -- C:\CybDefInstallInfo.log
[2009/11/13 14:36:29 | 003,991,086 | ---- | M] () -- C:\Danity Kane - Damaged.mp3
[2009/11/13 14:35:47 | 003,659,971 | ---- | M] () -- C:\Darude - Sandstorm.mp3
[2008/05/22 17:10:31 | 007,285,252 | ---- | M] () -- C:\Death Note - Near's theme.mp3
[2008/05/22 17:10:51 | 007,281,940 | ---- | M] () -- C:\Death Note OST anime - Near's theme.mp3
[2008/07/22 15:48:44 | 000,000,362 | -HS- | M] () -- C:\desktop.ini
[2010/02/01 18:21:56 | 002,847,873 | ---- | M] () -- C:\DJ Splash - Flying High.mp3
[2009/11/13 13:53:02 | 007,031,490 | ---- | M] () -- C:\Duffy - Mercy(1).mp3
[2009/11/14 15:52:39 | 007,035,959 | ---- | M] () -- C:\Duffy - Mercy.mp3
[2008/08/01 09:44:25 | 005,390,336 | ---- | M] () -- C:\Eiffel 65 - Im Blue (Techno Remix).mp3
[2009/11/13 15:19:08 | 003,578,609 | ---- | M] () -- C:\Eiffle 65 - Im Blue.mp3
[2009/11/13 14:38:53 | 007,737,997 | ---- | M] () -- C:\Eminem - Like Toy Soliders.mp3
[2009/11/13 14:39:58 | 005,609,065 | ---- | M] () -- C:\Enur Feat Natasja - Calabria 2008.mp3
[2009/11/13 15:11:16 | 006,082,668 | ---- | M] () -- C:\Face Drop - Sean Kingston.mp3
[2009/11/14 15:53:02 | 007,668,445 | ---- | M] () -- C:\Fergie - Fergalicious.mp3
[2009/11/13 14:03:40 | 003,804,648 | ---- | M] () -- C:\Final Fantasy X-2 - 1000 Words (True English).mp3
[2009/11/13 14:08:49 | 014,368,366 | ---- | M] () -- C:\Final Fantasy X-2 - Yuna's Concert 1000 Words (English).mp4
[2009/11/14 15:53:16 | 003,498,493 | ---- | M] () -- C:\Flobot-No Handle Bars.mp3
[2009/11/13 14:42:26 | 004,473,061 | ---- | M] () -- C:\Flyleaf I'm So Sick.mp3
[2008/07/22 15:48:43 | 000,015,775 | -HS- | M] () -- C:\Folder.jpg
[2009/11/13 15:48:32 | 003,782,805 | ---- | M] () -- C:\Fort Minor-Where did you Go.mp3
[2008/07/08 19:16:49 | 004,435,902 | ---- | M] () -- C:\Fruits Basket - Opening Theme (Japanese).mp3
[2008/08/21 18:34:09 | 004,165,632 | ---- | M] () -- C:\Gummy Bear Song in English.mpg
[2009/11/13 14:43:33 | 006,012,861 | ---- | M] () -- C:\Gunther - Ding Dong Song.mp3
[2008/06/09 20:42:20 | 734,621,696 | ---- | M] () -- C:\Happy Feet (Full Movie).avi
[2010/02/01 17:47:01 | 010,197,400 | ---- | M] () -- C:\Hatsune Miku - Triple Baka.mp3
[2009/11/13 14:47:02 | 007,041,024 | ---- | M] () -- C:\Heart - Alone.mp3
[2010/02/01 17:49:49 | 004,264,011 | ---- | M] () -- C:\Heart - Baracuda.mp3
[2009/11/13 14:47:37 | 006,215,612 | ---- | M] () -- C:\hellogoodbye - here (in your arms).mp3
[2009/11/13 14:47:35 | 003,944,379 | ---- | M] () -- C:\Hellogoodbye- Here In Your Arms.mp3
[2009/11/13 14:29:15 | 012,697,369 | ---- | M] () -- C:\Hey Jude.mp3
[2010/07/09 21:12:32 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 11:06:52 | 000,083,831 | ---- | M] () -- C:\hpWebHelper.log
[2005/08/30 21:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/07 08:12:44 | 000,000,551 | -H-- | M] () -- C:\IPH.PH
[2009/11/13 14:54:44 | 005,216,983 | ---- | M] () -- C:\Justin Timberlake -Im Bringing Sexy Back.mp3
[2010/02/01 18:11:10 | 003,969,563 | ---- | M] () -- C:\Kanon Wakeshima - Still Doll.MP3
[2010/02/01 18:09:35 | 001,778,861 | ---- | M] () -- C:\Kanon Wakeshima - Suna no Oshiro (Vampire Knight Guilty Ending).mp3
[2009/11/13 14:55:30 | 002,169,646 | ---- | M] () -- C:\Katy Perry - I Kissed A Girl.mp3
[2009/11/13 14:57:53 | 005,286,219 | ---- | M] () -- C:\Keri Hilson - Knock You Down ft. Kanye West & Ne-Yo.mp3
[2009/11/13 14:55:52 | 005,942,397 | ---- | M] () -- C:\Keyshia Cole- Sent from Heaven.mp3
[2009/11/13 14:58:36 | 004,580,359 | ---- | M] () -- C:\Kid Cudi - Day 'N' Night (Crookers Remix).mp3
[2009/11/13 15:49:40 | 004,257,883 | ---- | M] () -- C:\Lady GaGa - Love Games.mp3
[2009/11/13 14:59:19 | 005,223,837 | ---- | M] () -- C:\Lady GaGa - Pokerface.mp3
[2009/11/15 18:50:13 | 005,056,260 | ---- | M] () -- C:\Las Ketchup - Asereje.mp3
[2009/11/14 16:29:12 | 012,442,087 | ---- | M] () -- C:\Last_Night_Good_Night_-_VOCALOID_Miku_Hatsune_-_[findmp3s.com].mp3
[2009/11/14 15:55:41 | 006,125,244 | ---- | M] () -- C:\leona-lewis-bleeding-love.mp3
[2009/11/13 14:59:45 | 004,941,451 | ---- | M] () -- C:\Lil' Wayne- Lollipop ft. Static Major (dirty).mp3
[2009/11/13 15:00:34 | 003,584,907 | ---- | M] () -- C:\Lou Bega - Mambo Number 5.mp3
[2008/08/21 18:37:54 | 013,805,572 | ---- | M] () -- C:\Madagascar - I Like To Move It.mpg
[2009/11/14 16:01:32 | 004,686,064 | ---- | M] () -- C:\Mariah Carey & Whitney Houston - When You Believe.mp3
[2009/11/13 15:02:22 | 006,280,365 | ---- | M] () -- C:\Marilyn Manson - This is the New Shit(1).mp3
[2009/11/14 15:56:05 | 006,283,014 | ---- | M] () -- C:\Marilyn Manson - This is the New Shit.mp3
[2009/11/13 15:02:49 | 004,730,026 | ---- | M] () -- C:\Marylin Manson - Sweet Dreams.mp3
[2008/06/09 18:15:48 | 051,984,240 | ---- | M] () -- C:\michael jackson - billie jean (music video).mpg
[2008/06/09 18:42:36 | 142,731,472 | ---- | M] () -- C:\Micheal Jackson- Thriller (VIDEO).mpg
[2009/11/13 15:04:36 | 005,007,538 | ---- | M] () -- C:\Mindless Self Indulgence - Shut Me Up.mp3
[2005/08/30 21:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/13 13:50:22 | 007,056,195 | ---- | M] () -- C:\Naruto 12th Ending - Parade - Chaba.mp3
[2008/08/27 18:02:05 | 000,283,692 | ---- | M] () -- C:\Naruto 2 Full Movie English.mpg
[2008/07/08 17:52:10 | 000,283,692 | ---- | M] () -- C:\Naruto Episode 132 English.mpg
[2008/07/08 19:19:35 | 003,303,124 | ---- | M] () -- C:\Natasha Bedingfield - Pocket Full Of Sunshine.mp3
[2009/11/13 15:04:59 | 005,776,386 | ---- | M] () -- C:\Natasha Bedingfield- These words are my own.mp3
[2008/05/23 16:07:45 | 004,399,592 | ---- | M] () -- C:\Ne-Yo - So Sick.mp3
[2010/02/01 18:13:24 | 005,430,486 | ---- | M] () -- C:\Nickel Creek - Amazing Grace (Dulcimer, banjo & Fiddle).mp3
[2008/06/04 17:28:18 | 006,504,399 | ---- | M] () -- C:\Nickelback - Savin' Me.mp3
[2008/06/09 17:46:34 | 012,684,574 | ---- | M] () -- C:\No Air-Jordin Sparks ft Chris Brown (Official Video).mp4
[2008/06/09 17:28:32 | 004,231,168 | ---- | M] () -- C:\No Doubt - Don't Speak.mp3
[2004/08/09 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/09 14:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2009/11/13 14:28:52 | 003,028,218 | ---- | M] () -- C:\Oldies - 80s - The Bangles - Manic Monday.mp3
[2009/11/13 15:05:44 | 005,417,522 | ---- | M] () -- C:\ON OFF - Futatsu no Kodou to Akai Tsumi.MP3
[2009/11/13 15:48:31 | 006,444,942 | ---- | M] () -- C:\Owl City - Fireflies.mp3
[2010/07/09 21:12:31 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2010/07/05 09:01:49 | 000,179,200 | ---- | M] () -- C:\pb32.exe
[2009/11/13 15:07:32 | 003,906,281 | ---- | M] () -- C:\Pitbull - 02 - I Know You Want Me.mp3
[2009/11/14 15:57:05 | 009,569,269 | ---- | M] () -- C:\Pitbull - Hotel Room Service.mp3
[2009/11/14 15:58:11 | 005,473,824 | ---- | M] () -- C:\Plies - Definition Of Real - 10 - 1 Day.mp3
[2009/10/15 12:12:13 | 000,000,204 | ---- | M] () -- C:\Plugins
[2008/07/15 16:08:28 | 004,966,601 | ---- | M] () -- C:\Prince - When Doves Cry.mp3
[2009/11/13 15:08:46 | 004,341,885 | ---- | M] () -- C:\Queens of the Stoneage - 3s and 7s.mp3
[2008/06/09 17:30:03 | 000,014,133 | ---- | M] () -- C:\rainyday.jpg
[2009/11/13 15:09:12 | 008,136,740 | ---- | M] () -- C:\Red hot chilie peppers - Snow ((Hey Oh)).mp3
[2009/11/14 15:57:24 | 009,554,182 | ---- | M] () -- C:\Rhianna - Disturbia.mp3
[2008/09/03 15:34:36 | 009,070,098 | ---- | M] () -- C:\Rhianna -Take A Bow.mp3
[2008/09/03 15:12:23 | 017,260,953 | ---- | M] () -- C:\Rihanna - Disturbia (OFFICIAL-VIDEO).mp4
[2008/09/03 15:48:10 | 005,383,224 | ---- | M] () -- C:\Rihanna - Take A Bow Official Real Video HQ.mp4
[2009/11/15 18:54:03 | 003,255,575 | ---- | M] () -- C:\Rin Kagamine (Vocaloid) - Fear Garden.mp3
[2010/07/10 11:16:55 | 000,000,434 | ---- | M] () -- C:\rkill.log
[2009/11/13 15:11:20 | 009,340,670 | ---- | M] () -- C:\Sean Kingston - Fire Burning.mp3
[2009/11/13 15:12:05 | 005,728,941 | ---- | M] () -- C:\September - cry for you (remix).mp3
[2009/11/13 15:12:24 | 005,510,221 | ---- | M] () -- C:\Shaggy - It Wasnt Me.mp3
[2009/11/13 15:12:28 | 003,825,444 | ---- | M] () -- C:\Shaggy-Angel.mp3
[2009/11/13 15:14:44 | 008,759,412 | ---- | M] () -- C:\Shawty Putt- Lil Jon- That Baby Dont Look Like Me.mp3
[2009/11/13 15:15:26 | 004,160,909 | ---- | M] () -- C:\Skillet - Under My Skin.mp3
[2009/11/13 15:48:04 | 003,201,368 | ---- | M] () -- C:\Skillet - Whispers in the Dark.mp3
[2009/11/14 15:58:02 | 003,265,596 | ---- | M] () -- C:\Skillet-Whispers in the Dark.mp3
[2009/11/13 14:51:56 | 006,793,421 | ---- | M] () -- C:\Sonique - It Feels So Good .mp3
[2008/07/15 09:45:23 | 002,206,080 | ---- | M] () -- C:\Switchfoot - You're My Angel.mp3
[2008/10/09 06:35:59 | 000,000,396 | -H-- | M] () -- C:\T4Metrics.log
[2009/11/13 15:48:34 | 002,614,292 | ---- | M] () -- C:\Tainted Love - 1980s - Retro 80's Rock - Soft Cell -.mp3
[2009/11/13 15:48:35 | 004,485,333 | ---- | M] () -- C:\Taylor Swift - Tear Drops on My Guitar.mp3
[2009/11/13 14:29:26 | 006,837,441 | ---- | M] () -- C:\The Betles - hey jude.mp3
[2009/11/13 15:16:32 | 000,908,841 | ---- | M] () -- C:\The Cuppy Cake Song.mp3
[2008/07/31 16:40:23 | 005,483,632 | ---- | M] () -- C:\The Dream - I Luv Your Girl .mp3
[2009/11/13 15:19:12 | 002,283,449 | ---- | M] () -- C:\The Fleetwoods - Mr Blue.mp3
[2008/08/21 18:32:38 | 000,277,054 | ---- | M] () -- C:\The Gummy Bear Song.mpg
[2009/11/13 14:13:36 | 004,676,365 | ---- | M] () -- C:\The Hazzards - Gay Boyfriend.mp3
[2008/07/13 12:19:08 | 002,517,094 | ---- | M] () -- C:\think you can dance bleeding l .mpg
[2009/11/13 15:48:15 | 006,070,861 | ---- | M] () -- C:\Three 6 Mafia - Lolli lolli (pop that body) (feat. Project Pat, Young D and Superpower).mp3
[2008/07/08 19:17:34 | 005,329,802 | ---- | M] () -- C:\Vampire Knight- Futatsu no Kodou to Akai Tsumi.MP3
[2008/03/18 14:23:09 | 000,052,395 | ---- | M] () -- C:\VETlog.dmp
[2008/03/18 14:23:09 | 001,543,147 | ---- | M] () -- C:\VETlog.txt
[2009/11/14 15:55:37 | 002,349,665 | ---- | M] () -- C:\Vocaloid - Len and Rin Kagamine - Kokoro.mp3
[2009/11/13 15:20:36 | 005,429,982 | ---- | M] () -- C:\Vocaloid - Trick or Treat.mp3
[2009/11/14 16:03:10 | 009,781,824 | ---- | M] () -- C:\Vocaloid feat. Hatsune Miku - Love is war.mp3
[2009/11/14 16:04:55 | 005,472,113 | ---- | M] () -- C:\vocaloid gemini.mov
[2010/02/01 18:11:38 | 004,122,977 | ---- | M] () -- C:\Vocaloids - Alice Human Sacrifice(1).mp3
[2010/02/01 18:02:46 | 005,803,858 | ---- | M] () -- C:\Vocaloids - Dark Woods Circus(1).mp3
[2009/01/02 16:05:47 | 000,000,004 | ---- | M] () -- C:\WLCount.Txt
[2008/07/08 19:18:26 | 005,212,640 | ---- | M] () -- C:\Wolf's Rain - Stray (Full).mp3
[2010/02/01 17:54:16 | 005,780,799 | ---- | M] () -- C:\Ying Yang Twins - usa - ft. Pitbull - Shake 19.mp3
[2008/05/20 18:57:40 | 041,046,020 | ---- | M] () -- C:\Yuna 1000 Words Cinematic Movie FMV FFX-2 Final Fantasy X-2 ENGLISH.mpg

< %PROGRAMFILES%\*. >
[2010/02/16 15:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\9Dragons
[2006/05/05 03:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/05/18 16:12:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/07/08 19:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\alot
[2010/02/12 18:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2007/03/15 19:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2008/06/25 10:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0a
[2008/10/05 14:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\Anime_Episodes
[2009/01/24 05:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Antivirus 2009
[2008/05/18 16:11:10 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/08/15 11:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2008/06/21 07:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Deskbar
[2008/06/08 05:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2009/11/09 17:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/18 05:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Applications
[2009/11/08 08:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Ascentive
[2010/03/21 12:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2006/09/14 16:50:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2009/09/13 16:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/10/15 13:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Audiosurf
[2008/06/04 12:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\AvancePaint
[2009/01/17 08:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/04/17 10:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\aVinci
[2008/10/14 15:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Barbie
[2009/12/01 18:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\BlackMagic Home Edition
[2010/05/26 17:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/09/17 08:02:15 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/05/19 14:20:37 | 000,000,000 | ---D | M] -- C:\Program Files\Chatango
[2006/05/05 03:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/05/05 03:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Compaq Connections
[2005/11/11 15:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/08 17:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/06/22 10:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2008/11/01 15:28:16 | 000,000,000 | ---D | M] -- C:\Program Files\CyberDefender
[2008/05/06 14:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\DialIdol.com
[2006/05/05 03:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\DISC
[2006/12/21 14:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2008/09/07 17:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/09 12:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2010/06/25 06:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/06/25 06:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2006/05/05 02:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2009/02/24 16:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2010/02/17 12:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2008/05/16 17:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2009/12/02 15:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\GALA-NET
[2006/05/05 02:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/09/28 13:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2009/08/31 14:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\GIMPshop
[2006/05/05 03:31:52 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/20 15:45:10 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2006/05/05 03:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2006/05/05 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/05/05 03:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2006/05/05 03:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\HP Rhapsody
[2007/03/16 00:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2008/10/12 22:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\InetGet2
[2006/05/05 03:15:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/04/11 14:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/07/06 13:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/05/26 17:53:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/26 17:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2006/05/05 02:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/11/01 19:13:20 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2010/03/21 12:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/04/16 11:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/02/18 04:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Online Backup
[2010/02/13 18:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/02/13 12:25:56 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/02/18 04:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\McAfeeMOBK
[2009/11/13 13:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Media Widget
[2010/07/09 20:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/05/05 03:19:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/02/19 01:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/06/08 05:25:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Digital Image 2006
[2005/11/14 18:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/01/08 17:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2006/05/05 03:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2006/05/05 03:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/20 01:34:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/05/05 03:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/05/05 03:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/05/05 03:18:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/01/18 06:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mjcore
[2010/07/09 20:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/08 20:09:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/21 00:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/11/15 10:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/14 18:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/05/05 03:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2008/03/20 11:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Games
[2005/11/14 18:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/15 03:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/15 10:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/24 20:18:06 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2006/05/05 03:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\music_now
[2008/05/15 09:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2010/05/18 14:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2010/06/17 08:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2005/11/14 18:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/05/05 03:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2008/11/10 16:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Network Monitor
[2008/11/01 18:24:58 | 000,000,000 | ---D | M] -- C:\Program Files\NoAdware
[2010/07/06 13:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2008/10/25 04:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Norton PC Checkup
[2009/12/14 13:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2007/07/07 10:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Nova Development
[2006/05/05 03:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/09 20:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/08/15 11:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\Outspark
[2009/10/15 12:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/12/02 15:13:02 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2006/05/05 03:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2006/05/05 03:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2008/05/24 20:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2009/11/01 10:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\PlaySushi
[2009/02/05 12:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\Pointstone
[2009/07/07 08:14:28 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/04/30 14:56:04 | 000,000,000 | ---D | M] -- C:\Program Files\portalgraphics
[2006/05/05 03:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/05/26 17:48:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/05/05 03:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/21 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/02/14 09:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2008/05/26 18:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Riverdeep
[2008/03/20 13:43:13 | 000,000,000 | ---D | M] -- C:\Program Files\RogueRemover PRO
[2010/07/05 17:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\scdata
[2009/12/08 05:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Shared
[2007/06/28 05:52:47 | 000,000,000 | ---D | M] -- C:\Program Files\Shockwave.com
[2006/09/25 01:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\Snood
[2006/05/05 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/11/01 14:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2008/05/08 19:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/08/07 07:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2006/05/05 03:38:29 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/07/04 08:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sysinternals Antivirus
[2010/06/27 17:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/06/27 17:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2008/06/08 05:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2008/12/16 15:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\The Print Shop 20
[2008/01/09 17:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2010/01/27 15:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2005/11/11 15:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/20 12:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\UTAU
[2008/06/05 18:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/21 18:50:47 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2006/09/15 16:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\VZBB Toolbar
[2009/10/04 14:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Walgreens
[2008/12/21 13:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2008/10/13 16:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\webHancer
[2009/01/18 07:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\Webtools
[2006/05/05 03:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/10/07 08:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinBudget
[2009/06/11 15:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2008/06/27 20:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/07/09 20:47:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2005/11/14 18:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/14 18:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/11 15:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/13 13:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/10/15 13:52:36 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/02/04 19:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Wonderland Online
[2010/06/27 17:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\WTouch
[2005/11/14 18:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/07/04 07:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2005/08/30 13:52:20 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:disk.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:disk.sys
[2004/08/09 21:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2004/08/09 21:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/09 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/09 21:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/11/15 13:02:54 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:usbstor.sys
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/09 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2010/02/22 18:37:45 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/10/06 15:10:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:usbstor.sys
[2004/08/09 21:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2004/08/09 21:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-10 10:02:25

========== Files - Unicode (All) ==========
[2009/11/14 16:24:13 | 000,865,928 | ---- | M] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3
[2009/11/14 16:04:15 | 000,865,928 | ---- | C] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

mjomisko
Intermediate
Posts: 53
Joined: 2010-07-09
OS: vista
Points: 24071
Likes: 0
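The "MD5 for:" section in the OTL log above is the tool's check for patched system files. It hashes every copy it can find of a few binaries that file-infecting rootkits like to overwrite (eventlog.dll, netlogon.dll, scecli.dll, usbstor.sys) so that the live copy in system32 can be compared against Microsoft's own copies in dllcache, ServicePackFiles\i386 and $NtServicePackUninstall$. In this log every live copy has the same hash as its dllcache twin, so nothing in that section looks patched. The script below is an added example written for this page, not part of the thread and not OTL's own code, that automates the comparison over pasted log text. The EVENTLOG.DLL lines it embeds are copied from the post; the NETLOGON.DLL block is constructed, with a made-up hash on the system32 copy, purely to show what a hit looks like.

```python
"""Cross-check the "MD5 for:" section of an OTL log for a patched system file.

The copy Windows actually loads sits in system32 (or system32\\drivers);
dllcache, ServicePackFiles\\i386, $NtServicePackUninstall$, $hf_mig$ and
SoftwareDistribution\\Download hold reference copies.  A live copy whose
MD5 matches none of the reference copies of the same file is the thing
to look for.
"""
import re
from collections import defaultdict

# One hashed entry:  [date | size | attrs | M] (Company) MD5=... -- path
# The ".cab file" container lines carry no MD5 and deliberately do not match.
MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Directories that hold reference copies rather than the running binary.
REFERENCE_DIRS = (
    "\\dllcache\\",
    "\\servicepackfiles\\",
    "\\$ntservicepackuninstall$\\",
    "\\$hf_mig$\\",
    "\\softwaredistribution\\",
    "\\driver cache\\",
)


def parse_md5_lines(text):
    """Yield (basename, path, md5, size, company) for every hashed entry."""
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        basename = path.rsplit("\\", 1)[-1].lower()
        size = int(m.group("size").replace(",", ""))
        yield basename, path, m.group("md5").upper(), size, m.group("company")


def is_live_copy(path):
    """True for the copy Windows loads: under system32 and not in a cache dir."""
    p = path.lower()
    return "\\system32\\" in p and not any(d in p for d in REFERENCE_DIRS)


def find_patched_files(text):
    """Return {basename: reason} for live copies that match no reference copy.

    A live copy with no reference copy at all is reported too: there is
    then nothing to compare against and a known-good hash must be fetched.
    """
    copies = defaultdict(list)
    for entry in parse_md5_lines(text):
        copies[entry[0]].append(entry)

    findings = {}
    for basename, entries in copies.items():
        reference_hashes = {e[2] for e in entries if not is_live_copy(e[1])}
        for _, path, md5, _, company in entries:
            if not is_live_copy(path):
                continue
            if not reference_hashes:
                findings[basename] = f"{path}: no reference copy to compare against"
            elif md5 not in reference_hashes:
                findings[basename] = (f"{path}: MD5 {md5} matches none of "
                                      f"{len(reference_hashes)} reference copies")
            elif not company.strip():
                findings[basename] = f"{path}: hash is known but the file has no company name"
    return findings


# Sample input.  The EVENTLOG.DLL block is copied from the log above; the
# NETLOGON.DLL block is CONSTRUCTED for this example, with a made-up hash on
# the system32 copy so that the check has something to flag.
SAMPLE_LOG = r"""
< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/09 21:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/09 21:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2010/07/01 03:12:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0BAD5EED0BAD5EED0BAD5EED0BAD5EED -- C:\WINDOWS\system32\netlogon.dll
"""

if __name__ == "__main__":
    for name, reason in sorted(find_patched_files(SAMPLE_LOG).items()):
        print(f"SUSPECT {name}: {reason}")
```

One caveat on reading a clean result: a kernel rootkit that filters file reads can hand the scanner the original bytes while the patched copy is what actually runs, so a clean MD5 section rules out the crude file patches only, which is why helpers pair OTL with tools that look below the file system.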

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 5:40 pm

Extras.txt

OTL Extras logfile created on: 7/10/2010 11:29:17 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 84.61 Gb Free Space | 37.66% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.18 Gb Free Space | 2.15% Space Free | Partition Type: FAT32
Drive E: | 2.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"DISCover" = DISCover
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"ie8" = Windows Internet Explorer 8
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"WT004602" = Tornado Jockey
"WT005532" = Polar Bowler
"WT005533" = Polar Golfer
"WT005534" = Ricochet Lost Worlds
"WT005537" = Super Granny
"WT005538" = Tradewinds
"WT005540" = Blackhawk Striker 2
"WT005541" = Blasterball 2 Revolution
"WT005542" = Blasterball 2 Remix
"WT005544" = Bounce Symphony
"WT005611" = Tennis Titans
"WT005612" = Family Feud
"WT005613" = Flip Words
"WT005614" = Insaniquarium Deluxe
"WT005615" = Jewel Quest
"WT005616" = Mah Jong Quest
"WT005617" = Mystery Case Files
"WT005618" = Poker Superstars
"WT005619" = SCRABBLE
"WT005620" = Slingo Deluxe
"WT005621" = Alien Outbreak 2
"WT005622" = Fairies
"WT005623" = Snowy The Bears Adventure
"WT005625" = Bejeweled 2 Deluxe
"WT005626" = Big Kahuna Reef
"WT005627" = Bookworm Deluxe
"WT005628" = Chuzzle Deluxe
"WT005629" = Diner Dash
"WT006068" = FATE
"WT006070" = Ancient Sudoku

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/8/2010 11:39:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server returned an invalid or unrecognized response

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/9/2010 11:42:18 PM | Computer Name = YOUR-4DACD0EA75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 7/9/2010 12:33:14 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:33:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:33:45 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:34:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:35:12 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:35:25 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:35:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 12:36:13 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/9/2010 12:41:29 PM | Computer Name = YOUR-4DACD0EA75 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/9/2010 11:46:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB975560).


< End of report >

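The firewall section of the Extras log above deserves a second look before "3389:TCP:*:Enabled" is read as RDP open to the whole internet. The StandardProfile has DoNotAllowExceptions = 1, and with that flag set the XP firewall drops all unsolicited inbound traffic and ignores both the GloballyOpenPorts list and the AuthorizedApplications list. The exceptions are dormant rather than gone: clear the flag and RDP is reachable from any address while the NetBIOS and SMB ports are open to the local subnet. The EarthLink TaskPanl.exe entry reads "File not found", and since program exceptions are matched by path, anything later written to that path inherits the hole. The Python below is an added example written for this page, not taken from the thread or from OTL, that parses those registry lines and reports the effective exposure. The embedded log text is copied from the post above; the second assessment flips DoNotAllowExceptions to 0 as a constructed what-if.

```python
"""Work out what an XP firewall policy dumped by OTL Extras really exposes.

With DoNotAllowExceptions = 1 the firewall ignores every port and program
exception, so those entries are reported as "shielded" rather than as
open; with the flag cleared, scope "*" means any source and LocalSubNet
means the local network only.  Program exceptions whose binary is
missing are listed separately because they are keyed by path.
"""
import re

SECTION = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

FIREWALL_POLICY = ("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services"
                   "\\SharedAccess\\Parameters\\FirewallPolicy\\")


def parse_registry_dump(text):
    """Return {registry key: [(value name, data), ...]} from [key] / "name" = data lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("data")))
    return sections


def assess_profile(text, profile="StandardProfile"):
    """Summarise the effective inbound exposure of one firewall profile."""
    base = FIREWALL_POLICY + profile
    sections = parse_registry_dump(text)
    settings = dict(sections.get(base, []))
    firewall_on = settings.get("EnableFirewall") == "1"
    exceptions_blocked = settings.get("DoNotAllowExceptions") == "1"

    def exposure(scope):
        if not firewall_on:
            return "firewall off"
        if exceptions_blocked:
            return "shielded"          # exception exists but is not in effect
        return "internet" if scope == "*" else "lan"

    open_ports = []
    for _, data in sections.get(base + "\\GloballyOpenPorts\\List", []):
        # data looks like  3389:TCP:*:Enabled:@xpsp2res.dll,-22009
        port, proto, scope, state = data.split(":", 4)[:4]
        if state == "Enabled":
            open_ports.append({"port": int(port), "proto": proto,
                               "scope": scope, "exposure": exposure(scope)})

    stale_apps = []
    for path, data in sections.get(base + "\\AuthorizedApplications\\List", []):
        # data repeats the path (which itself contains "C:"), then
        # scope:state:name, then " -- (Company)" or " -- File not found".
        body, _, tail = data.partition(" -- ")
        fields = body[len(path) + 1:].split(":", 2)
        if len(fields) == 3 and fields[1] == "Enabled" and tail.strip() == "File not found":
            stale_apps.append(path)

    return {"firewall_on": firewall_on, "exceptions_blocked": exceptions_blocked,
            "open_ports": open_ports, "stale_apps": stale_apps}


def internet_facing(result):
    """Ports reachable from any source address under the assessed policy."""
    return sorted(p["port"] for p in result["open_ports"]
                  if p["exposure"] in ("internet", "firewall off"))


# Sample input copied from the Extras log above (StandardProfile only).
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"""

# CONSTRUCTED what-if: the same policy with "Don't allow exceptions" cleared.
SAMPLE_EXCEPTIONS_ALLOWED = SAMPLE_EXTRAS.replace('"DoNotAllowExceptions" = 1',
                                                  '"DoNotAllowExceptions" = 0')

if __name__ == "__main__":
    for label, text in (("as logged", SAMPLE_EXTRAS),
                        ("exceptions allowed", SAMPLE_EXCEPTIONS_ALLOWED)):
        r = assess_profile(text)
        print(label, "| internet-facing:", internet_facing(r), "| stale apps:", r["stale_apps"])
```

The same call with profile="DomainProfile" is worth running on a domain-joined machine; here that key is empty apart from one program exception, which is what a stand-alone home PC looks like.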

Re: wuauclt.exe is infected

Post by Sneakyone on 10th July 2010, 6:09 pm

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5577
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
    O4 - HKCU..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()

    :files
    C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud
    C:\pb32.exe
    C:\Program Files\extra1.dat
    C:\Program Files\alggui.exe
    C:\Program Files\skynet.dat
    C:\Program Files\nuar.old
    C:\Program Files\wp3.dat
    C:\Program Files\svchost.exe
    C:\Program Files\wp4.dat
    C:\WINDOWS\yvivopux.sys
    C:\WINDOWS\ajutiw.sys
    C:\WINDOWS\opavudukul.sys

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive, please move on to ComboFix.

======

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Sneakyone
Master
Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56124
Likes: 0
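The :OTL block in the fix above is a compact set of indicators worth recognising on sight: both Internet Explorer and Firefox routed through a proxy at 127.0.0.1:5577 (a process on the machine sitting between the browser and the network), Run entries in both HKLM and HKCU launching a binary with no publisher from a randomly named folder under Local Settings\Application Data, a svchost.exe under Program Files instead of system32, and three random-named .sys files dropped straight into C:\WINDOWS. The Python below is an added example written for this page, not from the thread or from OTL, that scans OTL-style scan lines for those patterns. The embedded sample is the :OTL and :files text from the post above, and the list of names that belong only in system32 is this example's own assumption.

```python
"""Triage OTL scan lines for the indicators behind the fix above: a browser
proxy pointed at the loopback address, Run-key entries starting an
unsigned binary from a user-writable profile folder, a system binary name
living outside system32, and driver files dropped straight into C:\\WINDOWS.
"""
import ipaddress
import re

PROXY_IE = re.compile(r'^IE - .*"ProxyServer" = (?P<value>.+)$')
PROXY_FF = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http: "(?P<host>[^"]+)"$')
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'(?P<target>.*?)(?: \((?P<company>[^)]*)\))?$'
)
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)

USER_WRITABLE = ("\\local settings\\application data\\",
                 "\\local settings\\temp\\",
                 "\\application data\\")
# Assumption for this example: names that on XP belong only in system32.
SYSTEM_ONLY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}


def _proxy_endpoints(value):
    """Split an IE ProxyServer string ("host:port" or "http=host:port;https=...")."""
    for segment in value.split(";"):
        segment = segment.strip()
        if "=" in segment:
            segment = segment.split("=", 1)[1]
        host, _, port = segment.rpartition(":")
        if not host:
            host, port = segment, ""
        yield host, port


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def _check_path(path):
    p = path.lower()
    parent, _, basename = p.rpartition("\\")
    if basename in SYSTEM_ONLY_NAMES and parent != "c:\\windows\\system32":
        yield "system_name_outside_system32", path
    if basename.endswith(".sys") and parent == "c:\\windows":
        yield "driver_outside_drivers_dir", path


def triage(text):
    """Return [(indicator, detail), ...] for every suspicious line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_IE.match(line)
        if m:
            for host, port in _proxy_endpoints(m.group("value")):
                if _is_loopback(host):
                    findings.append(("loopback_proxy", f"IE proxy {host}:{port}"))
            continue
        m = PROXY_FF.match(line)
        if m:
            if _is_loopback(m.group("host")):
                findings.append(("loopback_proxy", f"Firefox proxy {m.group('host')}"))
            continue
        m = O4_RUN.match(line)
        if m:
            hive, name, target, company = m.group("hive", "name", "target", "company")
            if target == "File not found":
                findings.append(("dangling_run_entry", f"{hive}\\Run [{name}]"))
                continue
            if any(d in target.lower() for d in USER_WRITABLE) and not (company or "").strip():
                findings.append(("unsigned_run_from_profile", f"{hive}\\Run [{name}] -> {target}"))
            findings.extend(_check_path(target))
            continue
        if DRIVE_PATH.match(line):
            findings.extend(_check_path(line))
    return findings


# Sample input: the :OTL and :files sections of the fix script above.
SAMPLE_FIX = r"""
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5577
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()
O4 - HKCU..\Run: [ypcaptuk] C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe ()

:files
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud
C:\pb32.exe
C:\Program Files\extra1.dat
C:\Program Files\alggui.exe
C:\Program Files\skynet.dat
C:\Program Files\nuar.old
C:\Program Files\wp3.dat
C:\Program Files\svchost.exe
C:\Program Files\wp4.dat
C:\WINDOWS\yvivopux.sys
C:\WINDOWS\ajutiw.sys
C:\WINDOWS\opavudukul.sys
"""

if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_FIX):
        print(f"{indicator:30} {detail}")
```

The random-looking names (ypcaptuk, wbivtelud, yvivopux) are the first thing a human notices, but a letter-pattern heuristic throws false positives on legitimate vendor names, so the script keys on location and missing publisher instead. On a live machine the same checks belong against the HKLM and HKCU Run keys and the Internet Settings key directly, since a log only shows what the scanner was able to read.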

Re: wuauclt.exe is infected

Post by mjomisko on 10th July 2010, 6:44 pm

It did ask me to REBOOT so I did.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 5577 removed from network.proxy.http_port
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ypcaptuk deleted successfully.
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ypcaptuk deleted successfully.
File C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud\dbrxnhltssd.exe not found.
========== FILES ==========
C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\wbivtelud folder moved successfully.
C:\pb32.exe moved successfully.
C:\Program Files\extra1.dat moved successfully.
C:\Program Files\alggui.exe moved successfully.
C:\Program Files\skynet.dat moved successfully.
C:\Program Files\nuar.old moved successfully.
C:\Program Files\wp3.dat moved successfully.
C:\Program Files\svchost.exe moved successfully.
C:\Program Files\wp4.dat moved successfully.
C:\WINDOWS\yvivopux.sys moved successfully.
C:\WINDOWS\ajutiw.sys moved successfully.
C:\WINDOWS\opavudukul.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 709929 bytes
->Temporary Internet Files folder emptied: 17200560 bytes
->FireFox cache emptied: 17590103 bytes
->Flash cache emptied: 585 bytes

User: All Users

User: Compaq_Administrator
->Temp folder emptied: 748681563 bytes
->Temporary Internet Files folder emptied: 1018406511 bytes
->Java cache emptied: 5229747 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75
->Flash cache emptied: 0 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75.000
->Temp folder emptied: 266152575 bytes
->Temporary Internet Files folder emptied: 448184378 bytes
->Java cache emptied: 34915360 bytes
->Flash cache emptied: 45683 bytes

User: Compaq_Administrator.YOUR-4DACD0EA75.001
->Temp folder emptied: 9795161 bytes
->Temporary Internet Files folder emptied: 6598677 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43909091 bytes
->Flash cache emptied: 300 bytes

User: Compaq_AdministratorYOUR-4DACD0EA75

User: Default User
->Temp folder emptied: 709929 bytes
->Temporary Internet Files folder emptied: 810744 bytes

User: Elani
->Temp folder emptied: 51965 bytes
->Temporary Internet Files folder emptied: 309191 bytes
->Flash cache emptied: 300 bytes

User: Elani's
->Temp folder emptied: 893739 bytes
->Temporary Internet Files folder emptied: 5948082 bytes
->FireFox cache emptied: 3501250 bytes
->Flash cache emptied: 2605858 bytes

User: Elani.YOUR-4DACD0EA75
->Temp folder emptied: 9369316240 bytes
->Temporary Internet Files folder emptied: 2240252016 bytes
->Java cache emptied: 19610340 bytes
->FireFox cache emptied: 65019394 bytes
->Flash cache emptied: 315119 bytes

User: Elani.YOUR-4DACD0EA75.000
->Temp folder emptied: 2674497841 bytes
->Temporary Internet Files folder emptied: 1207748679 bytes
->Java cache emptied: 36368816 bytes
->Flash cache emptied: 174793 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 14052380 bytes
->Flash cache emptied: 596 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 108195118 bytes
->Java cache emptied: 2476 bytes
->Flash cache emptied: 56206 bytes

User: pat
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58707 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 376182173 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 709929 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 810744 bytes
RecycleBin emptied: 114024899 bytes

Total Files Cleaned = 17,986.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07102010_141333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: wuauclt.exe is infected

Post by Sneakyone on 11th July 2010, 12:26 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: wuauclt.exe is infected

Post by mjomisko on 11th July 2010, 3:48 pm

Somehow I thought I understood that you only run ComboFix if the step before it didn't work, so I left my daughter's without doing it. When I got home and reread it I realized that I hadn't finished, but it was too late at night to go back. It looked like Windows Recovery Console was something I should have on my own computer, so I ran it. It was late at night when I did it and I got tired while waiting for it to run (commy.exe), so I went to bed. This morning it looked like the computer rebooted, but when I signed on it continued searching and produced a log, which I've saved. So now my problem is that when I try to get onto the internet (IE & Firefox) it says that an Illegal operation was attempted on a registry key that has been marked for deletion. I thought I saved the log to the desktop, so I just searched for it, thought I found it and sent it to the flash drive so I could send it now. When I tried to open it on the laptop the file had nothing in it. I went back to my computer and when I try to open it, I get the same error message. I tried searching in Safe Mode and the file doesn't show up. I tried rebooting into Safe Mode with networking to see if I could get on the internet and now I can't even get into Safe Mode. I'm afraid I've really messed up. Is there any hope? Thank you again for your time.


Re: wuauclt.exe is infected

Post by Sneakyone on 11th July 2010, 5:49 pm

Hi,

Not sure about that error. I saw someone with that error yesterday; I doubt the machine is borked, but it is nothing I can't fix. I will ask my instructors about it when they get on MSN.

As for now, let's continue on with the removal.

First reboot and try to go into normal mode; if that doesn't work, go into safe mode with networking and try this:

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: wuauclt.exe is infected

Post by Sneakyone on 11th July 2010, 6:55 pm

Hi,

Scratch those instructions. Please open System Restore; you can do this by going to 'Run' and typing 'System Restore'. There should be a restore point ComboFix made; please go back to that restore point and see if you still get the error.



Re: wuauclt.exe is infected

Post by mjomisko on 11th July 2010, 11:51 pm

When I downloaded ComboFix it didn't give me the option to change its name and didn't appear on my desktop, but I can run it (XP). What should I do?


Re: wuauclt.exe is infected

Post by Sneakyone on 11th July 2010, 11:56 pm

Do you still get the "Illegal operation error"?


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on 12th July 2010, 7:43 pm

"illegal operation error"? I don't get it on either machine. I thought I had replied and asked if I should do the ComboFix thing, but now I don't see that post. Should I still follow the directions for that on my daughter's machine?


Re: wuauclt.exe is infected

Post by Sneakyone on 12th July 2010, 11:10 pm

Hi,

Try running this on the infected machine:

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


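A small triage helper for the C:\ComboFix.txt log requested above, added here as an example that is not part of this thread and not ComboFix's own code: it splits the log at its parenthesis banners and groups the "Other Deletions" paths by the kind of artifact they point to (rogue security software, ad/toolbar bundle, startup persistence, profile temp). The category keywords and the sample log lines are constructed assumptions modelled on names that appear in this thread, not a ComboFix feature.

```python
"""Triage helper for a ComboFix log (C:\\ComboFix.txt).

Added example, not part of the thread or of ComboFix. It reads the
"Other Deletions" section and groups the removed paths by artifact type so a
helper can see at a glance what kind of infection was cleaned. The category
keywords are assumptions taken from names seen in this thread's log.
"""
import re
from collections import defaultdict

# ComboFix marks each section with a banner of parentheses around its title.
SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+\s*$")

# Keyword pattern -> category (assumed; chosen from artifacts in the thread).
CATEGORIES = {
    "rogue security software": [
        r"antivirus 2009", r"ms antispyware 2009", r"sysinternals antivirus",
        r"antispywarebot", r"drivecleaner", r"cyberdefender",
    ],
    "ad/toolbar bundle": [r"mywebsearch", r"funwebproducts", r"\\alot\\", r"\\alot$"],
    "startup persistence": [r"\\start menu\\programs\\startup\\.*\.lnk$"],
    "user-profile temp": [r"\\local settings\\temp\\", r"\\locals~1\\temp\\"],
}


def parse_sections(log_text):
    """Split a ComboFix log into {section title: [lines]}.

    Lines before the first banner go under the key "header". ComboFix pads
    sections with a lone "." line, which is dropped along with blank lines.
    """
    sections = defaultdict(list)
    current = "header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            continue
        if line and line != ".":
            sections[current].append(line)
    return dict(sections)


def categorise(path):
    """Return the first matching category for a deleted path, else 'other'."""
    low = path.lower()
    for category, patterns in CATEGORIES.items():
        if any(re.search(p, low) for p in patterns):
            return category
    return "other"


def triage_deletions(log_text):
    """Map category -> sorted list of paths from the 'Other Deletions' section."""
    deletions = parse_sections(log_text).get("Other Deletions", [])
    grouped = defaultdict(list)
    for path in deletions:
        grouped[categorise(path)].append(path)
    return {k: sorted(v) for k, v in grouped.items()}


# Constructed sample shaped like the log in this thread (not the real log).
SAMPLE_LOG = """ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 16:12:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.404 [GMT -7:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\docume~1\\COMPAQ~1.001\\LOCALS~1\\Temp\\IadHide5.dll
c:\\documents and settings\\All Users\\Application Data\\CrucialSoft Ltd\\MS AntiSpyware 2009\\20090224190429656.log
c:\\documents and settings\\pat\\Start Menu\\Programs\\Startup\\Deewoo.lnk
c:\\program files\\Antivirus 2009
c:\\program files\\MyWebSearch\\bar\\1.bin\\MWSOEPLG.DLL
c:\\program files\\inetget2
"""

if __name__ == "__main__":
    for category, paths in sorted(triage_deletions(SAMPLE_LOG).items()):
        print(f"{category} ({len(paths)})")
        for p in paths:
            print("   ", p)
```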

Re: wuauclt.exe is infected

Post by mjomisko on 19th July 2010, 2:29 pm

I have been unable to work on my daughter's computer so I had her try to work on it. She is having a problem completing the last step (ComboFix). She can't seem to rename it and when she tries to run it nothing happens. I will have time to go over there later today but just in case I am not successful I wanted to know if there is something else I can do? Thanks again!


Re: wuauclt.exe is infected

Post by Sneakyone on 19th July 2010, 7:25 pm

Hi,

Don't worry about renaming it, you can just run it as is.




Re: wuauclt.exe is infected

Post by mjomisko on 20th July 2010, 8:47 pm

ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 16:12:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.404 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
C:\desktop.ini
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\20090224190429656.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224174848890.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224175755546.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224185902312.log
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Application Data\alot
c:\documents and settings\Compaq_Administrator\Application Data\AntiSpywareBot
c:\documents and settings\Compaq_Administrator\Application Data\DriveCleaner Freeware
c:\documents and settings\Compaq_Administrator\Application Data\FunWebProducts
c:\documents and settings\Compaq_Administrator\Favorites\Mp3 Download.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Download programs.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Games.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Translator.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Videos.url
c:\documents and settings\Elani.YOUR-4DACD0EA75\Start Menu\Antivirus 2009
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\LocalService\Desktop\Sysinternals Antivirus.lnk
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
c:\documents and settings\pat\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\pat\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\adc_w32.dll
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\Antivirus 2009
c:\program files\Common Files\miwu
c:\program files\Common Files\miwu\miwua.lck
c:\program files\Common Files\miwu\miwud\class-barrel
c:\program files\Common Files\miwu\miwud\vocabulary
c:\program files\Common Files\miwu\miwuh
c:\program files\Common Files\miwu\miwul.lck
c:\program files\Common Files\miwu\miwum.lck
c:\program files\CyberDefender
c:\program files\CyberDefender\AntiSpyware\config.ini
c:\program files\CyberDefender\AntiSpyware\WsLiveUpdateHost.ini
c:\program files\CyberDefender\AntiSpyware\wslvucfg.ini
c:\program files\CyberDefender\cdinstx.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\01F1633C.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\inetget2
c:\program files\Mjcore
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\0003AEFE
c:\program files\MyWebSearch\bar\Cache\0015113F
c:\program files\MyWebSearch\bar\Cache\00151F59.bin
c:\program files\MyWebSearch\bar\Cache\001523CD.bin
c:\program files\MyWebSearch\bar\Cache\00152583.bin
c:\program files\MyWebSearch\bar\Cache\001527C5.bin
c:\program files\MyWebSearch\bar\Cache\00153504.bin
c:\program files\MyWebSearch\bar\Cache\001543C9
c:\program files\MyWebSearch\bar\Cache\005ADDE6.bin
c:\program files\MyWebSearch\bar\Cache\005ADF4E.bin
c:\program files\MyWebSearch\bar\Cache\005AECBB.bin
c:\program files\MyWebSearch\bar\Cache\005AEECF.bin
c:\program files\MyWebSearch\bar\Cache\00AEF483.bin
c:\program files\MyWebSearch\bar\Cache\00AEF6E4.bin
c:\program files\MyWebSearch\bar\Cache\00AF04BF.bin
c:\program files\MyWebSearch\bar\Cache\00AF0646.bin
c:\program files\MyWebSearch\bar\Cache\02AFC3EE
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\network monitor
c:\program files\scdata
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\program files\Sysinternals Antivirus
c:\program files\Sysinternals Antivirus\Sysinternals Antivirus.exe
c:\program files\webhancer
c:\program files\webhancer\Programs\license.txt
c:\program files\webhancer\Programs\readme.txt
c:\program files\webhancer\Programs\sporder.dll
c:\program files\webhancer\Programs\whagent.ini
c:\program files\webhancer\Programs\whinstaller.exe
c:\program files\WinBudget
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\IA
c:\windows\wiaserviv.log
c:\windows\xpsp1hfm.log
c:\windows\yfet.scr
D:\Autorun.inf

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 23:23 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-20 23:24 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-s---w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-07-03 04:24 . 2010-07-03 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet
2010-06-21 23:10 . 2010-06-25 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:26 . 2006-05-05 10:07 148672 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-15 18:10 . 2010-07-06 18:04 48056 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:20 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-02-13 19:26 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-02-13 19:26 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-02-13 19:26 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-02-13 19:26 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-02-13 19:26 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-02-13 19:26 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-02-13 19:26 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-02-13 19:26 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-02-13 19:26 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-18 20:15 . 2008-10-18 20:15 14391 ----a-w- c:\program files\Common Files\opyribu.sys
2008-10-18 20:15 . 2008-10-18 20:15 13450 ----a-w- c:\program files\Common Files\nebyg.bat
2008-10-13 04:02 . 2008-10-13 04:02 15307 ----a-w- c:\program files\Common Files\ganejum.bin
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-10 23:23 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 12:26 PM 82952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 12:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 12:26 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 12:26 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 12:26 PM 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 12:26 PM 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-20 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-20 16:44:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 23:44

Pre-Run: 110,372,380,672 bytes free
Post-Run: 110,892,453,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 52B007B13D31A68CBEF864736E701995


Re: wuauclt.exe is infected

Post by Sneakyone on 20th July 2010, 9:31 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\program files\Common Files\opyribu.sys
    c:\program files\Common Files\nebyg.bat
    c:\program files\Common Files\ganejum.bin

    Folder::
    c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg

    Reboot::


  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=========

Please visit [You must be registered and logged in to see this link.]


  • Click the Browse... button
  • Navigate to the file c:\windows\system32\ntoskrnl.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on 20th July 2010, 10:24 pm

ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 17:46:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.559 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFscript.txt

FILE ::
"c:\program files\Common Files\ganejum.bin"
"c:\program files\Common Files\nebyg.bat"
"c:\program files\Common Files\opyribu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg
c:\program files\Common Files\ganejum.bin
c:\program files\Common Files\nebyg.bat
c:\program files\Common Files\opyribu.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 23:23 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-20 23:24 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-s---w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet
2010-06-21 23:10 . 2010-06-25 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:26 . 2006-05-05 10:07 148672 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-15 18:10 . 2010-07-06 18:04 48056 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:20 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-02-13 19:26 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-02-13 19:26 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-02-13 19:26 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-02-13 19:26 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-02-13 19:26 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-02-13 19:26 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-02-13 19:26 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-02-13 19:26 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-02-13 19:26 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-10 23:23 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 12:26 PM 82952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 12:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 12:26 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 12:26 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 12:26 PM 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 12:26 PM 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-20 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-20 18:20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 01:20
ComboFix2.txt 2010-07-20 23:44

Pre-Run: 110,901,092,352 bytes free
Post-Run: 110,878,707,712 bytes free

- - End Of File - - A5ECA361E22C782F742FB7B3F63051A5


Re: wuauclt.exe is infected

Post by Sneakyone on 20th July 2010, 10:59 pm

Hi,

Did you run this through Virustotal: c:\windows\system32\ntoskrnl.exe?

If so I need that report.


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on 20th July 2010, 11:17 pm

Say what? Did you tell me somewhere how to do that?


Re: wuauclt.exe is infected

Post by Sneakyone on 20th July 2010, 11:22 pm

Hi,

Yes I did, you must have missed it.

Please visit [You must be registered and logged in to see this link.]


  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\ntoskrnl.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on 20th July 2010, 11:48 pm


File has already been analysed:
MD5: 048db3459fab4ca741dcc84e1f374d65
First received: 2010.04.15 13:06:13 UTC
Date: 2010.06.24 16:32:08 UTC [>26D]
Results: 0/40
Permalink: analisis/1c6a1663a3c7119a02df9fc4ea2ef80a8bf92f6cae05b9df1822af2b7a22e48d-1277397128

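The two posts above ask for the system32 copy of ntoskrnl.exe to be checked on VirusTotal and get back a report keyed by MD5. As an added example (not part of this thread or of ComboFix/VirusTotal), the Python below parses lines in the ComboFix Sigcheck format, lists the copies carrying a given status tag, and maps the MD5 that VirusTotal reported (048db3459fab4ca741dcc84e1f374d65) back to the exact path ComboFix hashed, so a helper can confirm the scanned file is the copy that was flagged and not one of the other copies of the same binary. The three sample lines are ntoskrnl.exe entries in the log's format; `md5_of_file` assumes a local path and is only used when run by hand.

```python
"""Sanity checks over the 'Sigcheck' section of a ComboFix log (added example)."""
import hashlib
import re
from collections import defaultdict

# Three lines in the ComboFix Sigcheck format:
#   [status] date . MD5 . size . . [version] . . path
# The status tag is whatever ComboFix printed; in this thread the copy the helper
# asked to have checked carried "[-]", the dllcache copy carried "[7]".
SAMPLE_SIGCHECK = r"""
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].lower()       # VirusTotal prints MD5s in lower case
        e["path"] = e["path"].lower()     # NTFS paths are case-insensitive
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def flagged_entries(entries, tag="-"):
    """Copies carrying the given status tag, in log order."""
    return [e for e in entries if e["status"] == tag]


def version_variants(entries):
    """Map (file name, version) -> sorted distinct (md5, size) pairs.

    Several pairs for one version can be legitimate on XP (GDR/QFE update
    branches, different kernel builds), so this narrows what to look at rather
    than deciding anything by itself.
    """
    variants = defaultdict(set)
    for e in entries:
        variants[(e["name"], e["version"])].add((e["md5"], e["size"]))
    return {k: sorted(v) for k, v in variants.items()}


def match_reported_hash(entries, reported_md5):
    """Paths whose ComboFix MD5 equals the MD5 an external scanner reported."""
    reported = reported_md5.lower()
    return [e["path"] for e in entries if e["md5"] == reported]


def md5_hex(data):
    """MD5 of in-memory bytes (identification only, matching the log's column)."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path):
    """MD5 of a file on disk, read in 1 MiB chunks; assumes a readable local path."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    entries = parse_sigcheck(SAMPLE_SIGCHECK)
    for e in flagged_entries(entries):
        print("[-]", e["path"], e["md5"], e["size"])
    # MD5 from the VirusTotal reply in the thread.
    print("VT hash belongs to:", match_reported_hash(entries, "048db3459fab4ca741dcc84e1f374d65"))
    for key, pairs in version_variants(entries).items():
        print(key, "->", len(pairs), "distinct (md5, size) pair(s)")
```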

Re: wuauclt.exe is infected

Post by Sneakyone on 21st July 2010, 2:17 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on 21st July 2010, 2:52 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4335

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2010 10:51:22 AM
mbam-log-2010-07-21 (10-51-22).txt

Scan type: Quick scan
Objects scanned: 208561
Time elapsed: 19 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\sytucy.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Re: wuauclt.exe is infected

Post by Sneakyone on 21st July 2010, 5:48 pm

Hi,

Could you please run ComboFix again and post the log here?


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on 21st July 2010, 10:13 pm

ComboFix 10-07-21.01 - Compaq_Administrator 07/21/2010 17:44:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.592 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 00:09 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-22 00:05 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-21 23:49 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-21 03:13 . 2010-07-06 18:04 148672 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-09-26 00:52 . 2006-09-26 00:52 50736 c:\program files\Common Files\AOL\1158511488\EE\bak\AOLSoftware.exe

2006-10-23 12:50 . 2006-10-23 12:50 71216 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe

2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-03-11 20:04 . 2007-03-11 20:04 208946 c:\program files\IncrediMail\bin\bak\IncMail.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-08-03 02:18 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2006-05-10 16:32 . 2006-05-10 16:32 69632 c:\program files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2004-08-10 03:04 . 2005-09-29 21:01 67584 c:\windows\ehome\bak\ehtray.exe
2004-08-10 10:04 . 2005-09-30 04:01 67584 c:\windows\ehome\ehtray.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-21 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-21 18:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 01:11
ComboFix2.txt 2010-07-21 01:20
ComboFix3.txt 2010-07-20 23:44

Pre-Run: 114,363,400,192 bytes free
Post-Run: 114,388,627,456 bytes free

- - End Of File - - 41688340D15CD92EB41B17951D597807


Re: wuauclt.exe is infected

Post by Sneakyone on 21st July 2010, 11:45 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    AWF::
    c:\program files\Common Files\AOL\1158511488\EE\bak\AOLSoftware.exe
    c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\IncrediMail\bin\bak\IncMail.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
    c:\program files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\ehome\bak\ehtray.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

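The AWF:: section of the script above lists startup programs that were moved into a `bak` subfolder while a different file sits under the original name in the parent folder; the ComboFix log on this page shows one such pair (bak\isuspm.exe next to ISUSPM.exe, with different sizes). The Python below is an added example, not code from the forum post, from ComboFix or from its author: it walks a directory tree, pairs every `bak\*.exe` with a same-named sibling in the parent folder and flags pairs whose contents differ, so a responder can confirm the pattern before restoring anything. The only assumption is that layout; the sample tree it scans is constructed inline with placeholder bytes, and it generalises to any `bak` folder rather than only the paths the script names.

```python
"""Added example, not part of the forum post or of ComboFix: find the
'bak'-folder pattern that the AWF:: script section and the log's AWF
section describe, and report which pairs actually differ."""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class BakPair:
    original: Path      # file under the startup program's real name
    backup: Path        # same-named file inside the 'bak' subfolder
    same_content: bool  # True when both files hash identically


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_bak_pairs(root: Path) -> list[BakPair]:
    """Walk root; for every bak\\X.exe look for X.exe in the parent folder.

    Windows paths are case-insensitive (the log shows bak\\isuspm.exe next to
    ISUSPM.exe), so names are compared lower-cased.
    """
    pairs: list[BakPair] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        bak_dir = Path(dirpath)
        if bak_dir.name.lower() != "bak":
            continue
        parent = bak_dir.parent
        siblings = {p.name.lower(): p for p in parent.iterdir() if p.is_file()}
        for name in filenames:
            if not name.lower().endswith(".exe"):
                continue
            original = siblings.get(name.lower())
            if original is None:
                continue  # a bak copy with nothing displacing it
            backup = bak_dir / name
            pairs.append(BakPair(original, backup,
                                 sha256_of(original) == sha256_of(backup)))
    return pairs


def suspicious_pairs(root: Path) -> list[BakPair]:
    """Pairs whose 'live' file differs from the displaced copy in bak."""
    return [p for p in find_bak_pairs(root) if not p.same_content]


def build_sample_tree(base: Path) -> Path:
    """Constructed sample layout mirroring two paths from the AWF:: script.

    File contents are placeholder bytes, not executables.
    """
    upd = base / "Program Files" / "Common Files" / "InstallShield" / "UpdateService"
    (upd / "bak").mkdir(parents=True)
    (upd / "ISUSPM.exe").write_bytes(b"REPLACEMENT-" * 100)  # differs from bak copy
    (upd / "bak" / "isuspm.exe").write_bytes(b"ORIGINAL-" * 100)

    qt = base / "Program Files" / "QuickTime"
    (qt / "bak").mkdir(parents=True)
    (qt / "QTTask.exe").write_bytes(b"QT" * 50)            # identical to bak copy
    (qt / "bak" / "QTTask.exe").write_bytes(b"QT" * 50)
    return base


def demo() -> dict:
    """Run the scan over the constructed tree and summarise the result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp))
        all_pairs = find_bak_pairs(root)
        flagged = suspicious_pairs(root)
        return {
            "pairs": len(all_pairs),
            "flagged": sorted(p.original.name for p in flagged),
        }


if __name__ == "__main__":
    print(demo())  # {'pairs': 2, 'flagged': ['ISUSPM.exe']}
```

Run against a real drive by calling `suspicious_pairs(Path(r"C:\Program Files"))`; a pair where the two files hash identically (the QuickTime case in the sample) is a plain backup and is not reported, while a differing pair is exactly what the AWF:: directive hands to ComboFix for restoration.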

Re: wuauclt.exe is infected

Post by mjomisko on 23rd July 2010, 12:49 am

ComboFix 10-07-22.01 - Compaq_Administrator 07/22/2010 15:54:52.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.577 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:42 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-22 19:20 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S2 0128751279826439mcinstcleanup;McAfee Application Installer Cleanup (0128751279826439);c:\windows\TEMP\012875~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012875~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0128751279826439MCINSTCLEANUP
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-22 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-22 20:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 03:39
ComboFix2.txt 2010-07-22 01:11
ComboFix3.txt 2010-07-21 01:20
ComboFix4.txt 2010-07-20 23:44

Pre-Run: 113,398,984,704 bytes free
Post-Run: 113,384,787,968 bytes free

- - End Of File - - A2F5367C81D9D4666FA357D52BAF0C04


Re: wuauclt.exe is infected

Post by Sneakyone on 23rd July 2010, 4:50 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\windows\Tasks\RegCure.job
    c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll

    Folder::
    c:\program files\RegCure

    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride =

    Firefox::
    FF - ProfilePath - c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 5577
    FF - prefs.js: network.proxy.type - 4

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56124
# Likes : 0
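As an added illustration (not code from this thread or from ComboFix), the script below shows how the log evidence above maps onto the CFScript directives: it parses constructed log lines modelled on the posted ComboFix output, flags the same indicator types the helper acted on (AWF `bak` copies, a DLL loaded from a Temp folder, browser proxies pointing at the loopback, Windows Firewall switched off) and renders them as `File::`, `AWF::`, `DDS::` and `Firefox::` blocks. The sample log, the user name and the profile id are constructed; the function names `triage` and `build_cfscript` are mine.

```python
"""Triage a ComboFix log for the findings a removal helper turns into a CFScript."""
import re

# Constructed sample modelled on the log posted in this thread; the user name
# and profile id are made up, the indicator types are the real ones.
SAMPLE_LOG = r"""((((((((((((((((((((( AWF )))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
((((((((((((((((( Reg Loading Points )))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\docume~1\user\LOCALS~1\Temp\IadHide5.dll
.
"""

# ComboFix marks sections with banners of parentheses or dashes.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-+\s*(.+?)\s*-+$")
PROCESS_RE = re.compile(r"^- - .*?> '(.+?)'\((\d+)\)")
LOOPBACK_RE = re.compile(r"\b127\.0\.0\.1\b|\blocalhost\b", re.I)


def triage(log_text):
    """Walk the log once and collect the entries the helper's CFScript acted on."""
    findings = {"awf_bak": [], "temp_dlls": [], "ie_proxy": [],
                "ff_proxy": [], "notes": []}
    section, process, ff_profile, ie_lines, ff_lines = "", "?", None, [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = (banner.group(1) or banner.group(2)).lower()
            continue
        if not line or line == ".":
            continue
        # AWF pairs a patched host executable with the saved original in a
        # 'bak' folder; AWF:: in the script restores from that copy.
        if section == "awf" and "\\bak\\" in line.lower():
            parts = line.split(None, 6)  # date time . date time size path
            if len(parts) == 7:
                findings["awf_bak"].append(parts[6])
        elif section.startswith("dlls loaded"):
            hit = PROCESS_RE.match(line)
            if hit:
                process = hit.group(1)
            elif "\\temp\\" in line.lower():
                # A module loaded into a live process from a Temp folder is
                # not where any installer leaves its components.
                findings["temp_dlls"].append(line)
                findings["notes"].append(f"{line} is loaded into {process}")
        elif line.startswith("uInternet Settings,Proxy"):
            ie_lines.append(line)
        elif line.startswith("FF - ProfilePath - "):
            ff_profile = line
        elif line.startswith("FF - prefs.js: network.proxy."):
            ff_lines.append(line)
        elif line.startswith('"EnableFirewall"=') and re.search(r"=\s*0\b", line):
            findings["notes"].append("Windows Firewall standard profile is off")
    # A proxy on the loopback puts a local process between the browser and the
    # network; the script resets the IE and Firefox settings that point there.
    if any(LOOPBACK_RE.search(l) for l in ie_lines):
        findings["ie_proxy"] = ie_lines
    if any(LOOPBACK_RE.search(l) for l in ff_lines):
        findings["ff_proxy"] = ([ff_profile] if ff_profile else []) + ff_lines
    return findings


def build_cfscript(findings):
    """Render the findings as the directive blocks ComboFix reads from CFScript.txt."""
    blocks = ["Killall::"]
    for header, key in (("File::", "temp_dlls"), ("AWF::", "awf_bak"),
                        ("DDS::", "ie_proxy"), ("Firefox::", "ff_proxy")):
        if findings[key]:
            blocks.append(header + "\n" + "\n".join(findings[key]))
    blocks.append("Reboot::")
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(found["notes"]))
    print(build_cfscript(found))
```

The firewall finding is reported as a note only, since it is fixed in the Security Center rather than through a CFScript directive.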

Re: wuauclt.exe is infected

Post by mjomisko on 28th July 2010, 12:23 am

ComboFix 10-07-26.04 - Compaq_Administrator 07/27/2010 18:40:58.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.392 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll"
"c:\windows\Tasks\RegCure.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-24 20:04 . 2010-07-24 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-24 16:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 21:55 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-24 19:58 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 10:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-05 18:25 . 2010-06-24 12:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-26 15:42 . 2010-06-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-24 23:57 . 2010-06-24 23:28 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-27 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-27 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-27 20:20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-28 03:20
ComboFix2.txt 2010-07-24 19:46
ComboFix3.txt 2010-07-23 03:40
ComboFix4.txt 2010-07-22 01:11
ComboFix5.txt 2010-07-24 19:50

Pre-Run: 113,350,451,200 bytes free
Post-Run: 113,347,366,912 bytes free

- - End Of File - - 244713D38100EF07080A458E3D33BD97

mjomisko

Re: wuauclt.exe is infected

Post by Sneakyone on 28th July 2010, 4:26 am

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    c:\program files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    c:\program files\HP\HP Software Update\hpwuSchd2.exe
    c:\program files\iTunes\iTunesHelper.exe
    c:\program files\QuickTime\QTTask.exe
    c:\windows\SMINST\Recguard.exe
    c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll

    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

    MBR::

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
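The CFScript above mirrors the AWF section of the ComboFix log pair for pair: each file now sitting at the original location goes under File::, and each original that was moved into a bak\ folder goes under AWF::. As an added example (not the helper's own tool and not part of ComboFix), this Python script parses an AWF section in the log's layout, pairs the entries and emits those stanzas, flagging any entry without a partner; the sample excerpt and the extra IadHide5.dll path are taken from the log above, and the pairing rule (the live path equals the bak\ path with the bak\ folder removed, compared case-insensitively) is an assumption drawn from how the listing reads.

```python
"""Turn the AWF section of a ComboFix log into the File::/AWF:: stanzas of a CFScript.

Added example for this thread, not the helper's tool and not part of ComboFix. It assumes
the log layout seen above: under the AWF banner, each pair is two lines, first the original
moved into a bak\\ folder, then the file now at the original location, pairs separated by
a blank line, and the section ends at the next ((((( banner.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's AWF section (two of its seven pairs).
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\\program files\\Common Files\\InstallShield\\UpdateService\\bak\\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\\program files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\\program files\\iTunes\\bak\\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\\program files\\iTunes\\iTunesHelper.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Path the helper added under File:: from the "DLLs Loaded Under Running Processes" section.
EXTRA_FILES = [r"c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll"]

AWF_BANNER = re.compile(r"^\({5,}.*\bAWF\b.*\){5,}$")
SECTION_BANNER = re.compile(r"^\({5,}.*\){5,}$")
# "<created> . <modified> <size> <path>": the per-file line format used in the log.
ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (?P<size>\d+) (?P<path>\S.*\S)$"
)


@dataclass(frozen=True)
class AwfPair:
    backup: str       # original executable, moved into a bak\ folder
    live: str         # file now sitting at the original location
    backup_size: int
    live_size: int


def awf_entries(log_text):
    """Yield (size, path) for every file line between the AWF banner and the next banner."""
    in_awf = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if AWF_BANNER.match(line):
            in_awf = True
            continue
        if in_awf and SECTION_BANNER.match(line):
            break
        m = ENTRY.match(line)
        if in_awf and m:
            yield int(m["size"]), m["path"]


def pair_awf_entries(log_text):
    """Match each bak\\ entry with the live file at the same location.

    Assumed pairing rule: the live path is the bak\\ path with the bak\\ folder removed,
    compared case-insensitively (the log shows ISUSPM.exe against bak\\isuspm.exe).
    Returns (pairs, unmatched_paths); anything unmatched needs a human look.
    """
    backups, live = {}, {}
    for size, path in awf_entries(log_text):
        idx = path.lower().find("\\bak\\")
        if idx >= 0:
            backups[(path[:idx] + path[idx + 4:]).lower()] = (size, path)
        else:
            live[path.lower()] = (size, path)
    pairs, unmatched = [], []
    for key, (bsize, bpath) in backups.items():
        if key in live:
            lsize, lpath = live.pop(key)
            pairs.append(AwfPair(bpath, lpath, bsize, lsize))
        else:
            unmatched.append(bpath)
    unmatched.extend(p for _, p in live.values())
    return pairs, unmatched


def build_cfscript(pairs, extra_files=()):
    """Emit the stanzas in the order the helper used: Killall::, File:: (the files now at the
    live locations, plus any extra paths), AWF:: (the bak\\ originals), MBR::, Reboot::."""
    lines = ["Killall::", "", "File::"]
    lines += [p.live for p in pairs] + list(extra_files)
    lines += ["", "AWF::"] + [p.backup for p in pairs]
    lines += ["", "MBR::", "", "Reboot::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found, leftovers = pair_awf_entries(SAMPLE_LOG)
    for p in found:
        print(f"{p.live} ({p.live_size} bytes) now sits where a {p.backup_size}-byte original was")
    for path in leftovers:
        print(f"UNMATCHED, review by hand: {path}")
    print(build_cfscript(found, EXTRA_FILES))
```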

Re: wuauclt.exe is infected

Post by mjomisko on 30th July 2010, 1:17 pm

ComboFix 10-07-29.02 - Compaq_Administrator 07/30/2010 8:48.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.551 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll"
"c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
"c:\program files\Common Files\Real\Update_OB\realsched.exe"
"c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
"c:\program files\HP\HP Software Update\hpwuSchd2.exe"
"c:\program files\iTunes\iTunesHelper.exe"
"c:\program files\QuickTime\QTTask.exe"
"c:\windows\SMINST\Recguard.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\QuickTime\QTTask.exe
c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-24 20:04 . 2010-07-24 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-24 16:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 16:03 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-07-30 16:03 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-07-24 21:55 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-24 19:58 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 10:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-05 18:25 . 2010-06-24 12:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-26 15:42 . 2010-06-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-24 23:57 . 2010-06-24 23:28 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Recguard - c:\windows\SMINST\RECGUARD.EXE
HKLM-Run-HPBootOp - c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPwuSchd2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-30 09:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-30 09:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 16:15
ComboFix2.txt 2010-07-28 03:20
ComboFix3.txt 2010-07-24 19:46
ComboFix4.txt 2010-07-23 03:40
ComboFix5.txt 2010-07-30 15:41

Pre-Run: 113,240,338,432 bytes free
Post-Run: 113,226,493,952 bytes free

- - End Of File - - 4D640DDA3A5D2AF718F590C4CB705BAA

mjomisko
Intermediate

Posts : 53
Joined : 2010-07-09
OS : vista
Points : 24071
Likes : 0

Re: wuauclt.exe is infected

Post by Sneakyone on 30th July 2010, 7:04 pm

Hi.

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56124
Likes : 0

Re: wuauclt.exe is infected

Post by mjomisko on 1st August 2010, 2:40 am

When I open ESET it says:
IMPORTANT: Before installing ESET Smart Security 4 you must uninstall your existing antivirus solution.
Click here to access the list of uninstallers for common antivirus programs.

Do I need to uninstall McAfee before I run this scan or can I just deactivate it?

mjomisko
Intermediate

Posts : 53
Joined : 2010-07-09
OS : vista
Points : 24071
Likes : 0

Re: wuauclt.exe is infected

Post by Sneakyone on 1st August 2010, 3:56 am

Nah, please do this instead.

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


    I'm livin' life in the fast lane.

    Sneakyone
    Master

    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit
    Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
    Points : 56124
    Likes : 0

    Re: wuauclt.exe is infected

    Post by mjomisko on 9th August 2010, 11:56 pm

    I am having trouble doing this. First, when I click the Kaspersky website link there is a hand that has like a yellow "splat" on it with an exclamation point on it, so the link didn't work. I went to the Kaspersky website and found the Free Scan, but nothing happens, so I'm downloading the 30-day trial. It doesn't seem right since I already have McAfee running, but I don't know what else to do. I have the pop-up blocker turned off.

    mjomisko
    Intermediate

    Posts : 53
    Joined : 2010-07-09
    OS : vista
    Points : 24071
    Likes : 0

    Re: wuauclt.exe is infected

    Post by Sneakyone on 10th August 2010, 12:04 am

    Hi.

    Uninstall Kaspersky for now, as it will interfere with the scans.

    Please run [You must be registered and logged in to see this link.] online scan.

    • Click the big green Scan now button
    • If it wants to install an ActiveX component, allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply


    I'm livin' life in the fast lane.

    Sneakyone
    Master

    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit
    Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
    Points : 56124
    Likes : 0

    Re: wuauclt.exe is infected

    Post by mjomisko on 10th August 2010, 12:16 pm

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-08-10 08:15:48
    PROTECTIONS: 1
    MALWARE: 51
    SUSPECTS: 7
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee Anti-Virus and Anti-Spyware No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@trafficmp[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@atdmt[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@tradedoubler[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@tribalfusion[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@mediaplex[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@7search[1].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[3].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@clickbank[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@clickbank[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@clickbank[1].txt
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@ccbill[1].txt
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@ccbill[1].txt
    00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00167637 Cookie/Socalcoeds TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@socalcoeds[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[3].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[5].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[3].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[2].txt
    00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@gangbangsquad[1].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@outster[3].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@outster[2].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@outster[2].txt
    00167691 Cookie/ademails TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xiti[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@xiti[1].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@gostats[1].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@gostats[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[4].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@azjmp[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[7].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@statcounter[2].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@counter.hitslink[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@counter.hitslink[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@counter.hitslink[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[4].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[6].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[10].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[5].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[7].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[8].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@burstnet[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@weborama[1].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@stat.onestat[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@advertising[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@statse.webtrendslive[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@statse.webtrendslive[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@statse.webtrendslive[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@statse.webtrendslive[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@statse.webtrendslive[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www5.addfreestats[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www5.addfreestats[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@www5.addfreestats[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@www5.addfreestats[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xxxcounter[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xxxcounter[3].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@xxxcounter[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[3].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@go[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[5].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[3].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@target[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@did-it[1].txt
    00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www3.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@www6.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[2].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[3].txt
    00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@drivecleaner[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@citi.bridgetrack[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@citi.bridgetrack[3].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@citi.bridgetrack[2].txt
    00377802 Spyware/PeoplePC Spyware No 0 Yes No c:\program files\online services\peoplepc\isp5900\dll\ras.dll
    00447834 Adware/Lop Adware No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp17\a0010262.dll
    00450614 Adware/2Search Adware No 0 No No c:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe[ppctoolbar.dll]
    00530383 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go.drivecleaner[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@registrydefender[1].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@registrydefender[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@registrydefender[2].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@enhance[2].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@enhance[1].txt
    03173354 Application/FunWeb HackTools No 0 Yes No c:\qoobox\quarantine\c\program files\mywebsearch\bar\1.bin\f3reprox.dll.vir
    03173354 Application/FunWeb HackTools No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp32\a0021366.dll
    03983016 Generic Malware Virus/Trojan No 0 Yes No c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
    04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\9ce7168.msi[unk_0117]
    04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\1791b3a7.msi[unk_0117]
    06792792 Adware/SysinternalsAntivirus Adware No 0 Yes No c:\_otl\movedfiles\07102010_141333\c_\pb32.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\program files\avancepaint\effects\special gray.exe
    No c:\program files\avancepaint\effects\wave.exe
    No c:\program files\online services\msn90\pkgs\en\us\msncli.exe[c:\program files\online services\msn90\pkgs\en\us\msncli.exe][mailares.dll]
    No c:\qoobox\quarantine\c\program files\regcure\regcure.exe.vir
    No c:\qoobox\quarantine\c\program files\regcure\uninst.exe.vir
    No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp44\a0024743.exe
    No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp44\a0024744.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    219822 HIGH MS10-021
    217842 HIGH MS10-015
    971486 HIGH MS09-058
    ;===================================================================================================================================================================================


    Re: wuauclt.exe is infected

    Post by Sneakyone on 10th August 2010, 8:41 pm

    Hi.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:

      :Files
      c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
      c:\windows\installer\9ce7168.msi
      c:\windows\installer\1791b3a7.msi

      :commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Re: wuauclt.exe is infected

    Post by mjomisko on 14th August 2010, 9:17 pm

    All processes killed
    ========== FILES ==========
    c:\program files\compaq connections\5577497\program\Interop.SHDocVw.dll moved successfully.
    c:\windows\installer\9ce7168.msi moved successfully.
    c:\windows\installer\1791b3a7.msi moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Temp folder emptied: 104374929 bytes
    ->Temporary Internet Files folder emptied: 129029635 bytes
    ->Java cache emptied: 128234 bytes
    ->FireFox cache emptied: 42861330 bytes
    ->Flash cache emptied: 5251 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Elani
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Temp folder emptied: 23935944 bytes
    ->Temporary Internet Files folder emptied: 9229602 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 154843791 bytes
    ->Flash cache emptied: 76789 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65854 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pat
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 114688 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 443.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Flash cache emptied: 0 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Elani
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: pat

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 08142010_170257

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\Perflib_Perfdata_c24.dat not found!
    C:\Documents and Settings\Elani's\Local Settings\Temp\IadHide5.dll moved successfully.

    Registry entries deleted on Reboot...

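As an added example that is not part of the thread, the Python below reads the :Files section of an OTL fix script like the one Sneakyone posted, compares it with the fix log that came back, and reports for each requested path whether OTL moved it, reported it not found, or never mentioned it, then sums the bytes OTL says it emptied. The script and log excerpts are constructed from the thread; the third file is changed to "not found" here to exercise that branch (the real log reported all three moved).

```python
import re

# Constructed excerpt of the OTL fix script posted in the thread (:Files section plus one command).
FIX_SCRIPT = """:Files
c:\\program files\\compaq connections\\5577497\\program\\interop.shdocvw.dll
c:\\windows\\installer\\9ce7168.msi
c:\\windows\\installer\\1791b3a7.msi

:commands
[emptytemp]
"""

# Constructed excerpt of the returned fix log; the real log reported all three files moved,
# the third line is altered here so the 'not found' outcome is exercised.
FIX_LOG = """========== FILES ==========
c:\\program files\\compaq connections\\5577497\\program\\Interop.SHDocVw.dll moved successfully.
c:\\windows\\installer\\9ce7168.msi moved successfully.
File\\Folder c:\\windows\\installer\\1791b3a7.msi not found!
========== COMMANDS ==========
->Temp folder emptied: 104374929 bytes
->FireFox cache emptied: 42861330 bytes
Total Files Cleaned = 443.00 mb
"""

def requested_files(script):
    """Paths listed under :Files, lower-cased (NTFS paths are case-insensitive)."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):           # section header such as :Files or :commands
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line.lower())
    return paths

def check_fix_log(script, log):
    """Outcome per requested path: 'moved', 'not found', or 'missing' (no log line at all)."""
    outcomes = {}
    for path in requested_files(script):
        outcomes[path] = "missing"
        for low in (ln.lower() for ln in log.splitlines()):
            if path in low and "moved successfully" in low:
                outcomes[path] = "moved"
            elif path in low and "not found" in low:
                outcomes[path] = "not found"
    return outcomes

def bytes_emptied(log):
    """Sum of the byte counts OTL reports for emptied temp folders and caches."""
    return sum(int(n) for n in re.findall(r"emptied: (\d+) bytes", log))
```

A path left "missing" means OTL never processed it, which is the case to re-check before reporting a fix complete.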
