wuauclt.exe is infected

Re: wuauclt.exe is infected

Post by mjomisko on Tue Jul 20, 2010 8:47 pm

ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 16:12:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.404 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
C:\desktop.ini
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\20090224190429656.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224174848890.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224175755546.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224185902312.log
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Application Data\alot
c:\documents and settings\Compaq_Administrator\Application Data\AntiSpywareBot
c:\documents and settings\Compaq_Administrator\Application Data\DriveCleaner Freeware
c:\documents and settings\Compaq_Administrator\Application Data\FunWebProducts
c:\documents and settings\Compaq_Administrator\Favorites\Mp3 Download.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Download programs.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Games.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Translator.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Videos.url
c:\documents and settings\Elani.YOUR-4DACD0EA75\Start Menu\Antivirus 2009
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\LocalService\Desktop\Sysinternals Antivirus.lnk
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
c:\documents and settings\pat\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\pat\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\adc_w32.dll
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\Antivirus 2009
c:\program files\Common Files\miwu
c:\program files\Common Files\miwu\miwua.lck
c:\program files\Common Files\miwu\miwud\class-barrel
c:\program files\Common Files\miwu\miwud\vocabulary
c:\program files\Common Files\miwu\miwuh
c:\program files\Common Files\miwu\miwul.lck
c:\program files\Common Files\miwu\miwum.lck
c:\program files\CyberDefender
c:\program files\CyberDefender\AntiSpyware\config.ini
c:\program files\CyberDefender\AntiSpyware\WsLiveUpdateHost.ini
c:\program files\CyberDefender\AntiSpyware\wslvucfg.ini
c:\program files\CyberDefender\cdinstx.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\01F1633C.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\inetget2
c:\program files\Mjcore
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\0003AEFE
c:\program files\MyWebSearch\bar\Cache\0015113F
c:\program files\MyWebSearch\bar\Cache\00151F59.bin
c:\program files\MyWebSearch\bar\Cache\001523CD.bin
c:\program files\MyWebSearch\bar\Cache\00152583.bin
c:\program files\MyWebSearch\bar\Cache\001527C5.bin
c:\program files\MyWebSearch\bar\Cache\00153504.bin
c:\program files\MyWebSearch\bar\Cache\001543C9
c:\program files\MyWebSearch\bar\Cache\005ADDE6.bin
c:\program files\MyWebSearch\bar\Cache\005ADF4E.bin
c:\program files\MyWebSearch\bar\Cache\005AECBB.bin
c:\program files\MyWebSearch\bar\Cache\005AEECF.bin
c:\program files\MyWebSearch\bar\Cache\00AEF483.bin
c:\program files\MyWebSearch\bar\Cache\00AEF6E4.bin
c:\program files\MyWebSearch\bar\Cache\00AF04BF.bin
c:\program files\MyWebSearch\bar\Cache\00AF0646.bin
c:\program files\MyWebSearch\bar\Cache\02AFC3EE
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\network monitor
c:\program files\scdata
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\program files\Sysinternals Antivirus
c:\program files\Sysinternals Antivirus\Sysinternals Antivirus.exe
c:\program files\webhancer
c:\program files\webhancer\Programs\license.txt
c:\program files\webhancer\Programs\readme.txt
c:\program files\webhancer\Programs\sporder.dll
c:\program files\webhancer\Programs\whagent.ini
c:\program files\webhancer\Programs\whinstaller.exe
c:\program files\WinBudget
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\IA
c:\windows\wiaserviv.log
c:\windows\xpsp1hfm.log
c:\windows\yfet.scr
D:\Autorun.inf

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 23:23 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-20 23:24 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-s---w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-07-03 04:24 . 2010-07-03 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet
2010-06-21 23:10 . 2010-06-25 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:26 . 2006-05-05 10:07 148672 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-15 18:10 . 2010-07-06 18:04 48056 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:20 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-02-13 19:26 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-02-13 19:26 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-02-13 19:26 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-02-13 19:26 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-02-13 19:26 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-02-13 19:26 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-02-13 19:26 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-02-13 19:26 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-02-13 19:26 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-18 20:15 . 2008-10-18 20:15 14391 ----a-w- c:\program files\Common Files\opyribu.sys
2008-10-18 20:15 . 2008-10-18 20:15 13450 ----a-w- c:\program files\Common Files\nebyg.bat
2008-10-13 04:02 . 2008-10-13 04:02 15307 ----a-w- c:\program files\Common Files\ganejum.bin
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-10 23:23 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 12:26 PM 82952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 12:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 12:26 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 12:26 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 12:26 PM 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 12:26 PM 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-20 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-20 16:44:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 23:44

Pre-Run: 110,372,380,672 bytes free
Post-Run: 110,892,453,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 52B007B13D31A68CBEF864736E701995


Re: wuauclt.exe is infected

Post by Sneakyone on Tue Jul 20, 2010 9:31 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\program files\Common Files\opyribu.sys
    c:\program files\Common Files\nebyg.bat
    c:\program files\Common Files\ganejum.bin

    Folder::
    c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg

    Reboot::


  4. Save this as CFScript.txt, in the same location as ComboFix.exe.



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=========

Please visit [You must be registered and logged in to see this link.]


  • Click the Browse... button
  • Navigate to the file c:\windows\system32\ntoskrnl.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use [You must be registered and logged in to see this link.]



Re: wuauclt.exe is infected

Post by mjomisko on Tue Jul 20, 2010 10:24 pm

ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 17:46:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.559 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFscript.txt

FILE ::
"c:\program files\Common Files\ganejum.bin"
"c:\program files\Common Files\nebyg.bat"
"c:\program files\Common Files\opyribu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg
c:\program files\Common Files\ganejum.bin
c:\program files\Common Files\nebyg.bat
c:\program files\Common Files\opyribu.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 23:23 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-20 23:24 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-s---w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet
2010-06-21 23:10 . 2010-06-25 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:26 . 2006-05-05 10:07 148672 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-15 18:10 . 2010-07-06 18:04 48056 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:20 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-02-13 19:26 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-02-13 19:26 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-02-13 19:26 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-02-13 19:26 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-02-13 19:26 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-02-13 19:26 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-02-13 19:26 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-02-13 19:26 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-02-13 19:26 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-10 23:23 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 12:26 PM 82952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 12:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 12:26 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 12:26 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 12:26 PM 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 12:26 PM 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-20 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-20 18:20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 01:20
ComboFix2.txt 2010-07-20 23:44

Pre-Run: 110,901,092,352 bytes free
Post-Run: 110,878,707,712 bytes free

- - End Of File - - A5ECA361E22C782F742FB7B3F63051A5


Re: wuauclt.exe is infected

Post by Sneakyone on Tue Jul 20, 2010 10:59 pm

Hi,

Did you run this through Virustotal: c:\windows\system32\ntoskrnl.exe?

If so I need that report.


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on Tue Jul 20, 2010 11:17 pm

Say what? Did you tell me somewhere how to do that?


Re: wuauclt.exe is infected

Post by Sneakyone on Tue Jul 20, 2010 11:22 pm

Hi,

Yes, I did, you must have missed it.

Please visit [You must be registered and logged in to see this link.]


  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\ntoskrnl.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use [You must be registered and logged in to see this link.]



Re: wuauclt.exe is infected

Post by mjomisko on Tue Jul 20, 2010 11:48 pm


File has already been analysed:
MD5: 048db3459fab4ca741dcc84e1f374d65
First received: 2010.04.15 13:06:13 UTC
Date: 2010.06.24 16:32:08 UTC [>26D]
Results: 0/40
Permalink: analisis/1c6a1663a3c7119a02df9fc4ea2ef80a8bf92f6cae05b9df1822af2b7a22e48d-1277397128


Re: wuauclt.exe is infected

Post by Sneakyone on Wed Jul 21, 2010 2:17 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: wuauclt.exe is infected

Post by mjomisko on Wed Jul 21, 2010 2:52 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4335

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2010 10:51:22 AM
mbam-log-2010-07-21 (10-51-22).txt

Scan type: Quick scan
Objects scanned: 208561
Time elapsed: 19 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\sytucy.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Re: wuauclt.exe is infected

Post by Sneakyone on Wed Jul 21, 2010 5:48 pm

Hi,

Could you please run ComboFix again and post the log here?



Re: wuauclt.exe is infected

Post by mjomisko on Wed Jul 21, 2010 10:13 pm

ComboFix 10-07-21.01 - Compaq_Administrator 07/21/2010 17:44:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.592 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 00:09 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-22 00:05 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-21 23:49 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-21 03:13 . 2010-07-06 18:04 148672 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-09-26 00:52 . 2006-09-26 00:52 50736 c:\program files\Common Files\AOL\1158511488\EE\bak\AOLSoftware.exe

2006-10-23 12:50 . 2006-10-23 12:50 71216 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe

2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-03-11 20:04 . 2007-03-11 20:04 208946 c:\program files\IncrediMail\bin\bak\IncMail.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-08-03 02:18 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2006-05-10 16:32 . 2006-05-10 16:32 69632 c:\program files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2004-08-10 03:04 . 2005-09-29 21:01 67584 c:\windows\ehome\bak\ehtray.exe
2004-08-10 10:04 . 2005-09-30 04:01 67584 c:\windows\ehome\ehtray.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-21 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-21 18:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 01:11
ComboFix2.txt 2010-07-21 01:20
ComboFix3.txt 2010-07-20 23:44

Pre-Run: 114,363,400,192 bytes free
Post-Run: 114,388,627,456 bytes free

- - End Of File - - 41688340D15CD92EB41B17951D597807

mjomisko
Intermediate
Posts : 53
Joined : 2010-07-09
OS : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Wed Jul 21, 2010 11:45 pm

Hi, :)

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    AWF::
    c:\program files\Common Files\AOL\1158511488\EE\bak\AOLSoftware.exe
    c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\IncrediMail\bin\bak\IncMail.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
    c:\program files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\ehome\bak\ehtray.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
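Every path in the CFScript above has the same shape, `<program folder>\bak\<original executable>`: the program's real executable has been moved into a `bak` subfolder and the name in the parent folder is now held by something else, which is the swap ComboFix's `AWF::` directive exists to undo. The Python below is an added example, not code from this thread or from ComboFix. It walks a directory tree for that layout, hashes each live/bak pair, flags the pairs whose live file no longer matches its `bak` copy, and reports when several unrelated programs have all been replaced by byte-identical files (the tell-tale of one dropper copied over every hijacked autostart entry). It then emits an `AWF::` section in the same form as the post's script. The sample tree, its file contents and the helper names (`find_bak_pairs`, `shared_replacement_hashes`, `cfscript_awf`) are constructed for the example; on a real XP box you would call `find_bak_pairs` on the Program Files tree and get the Windows paths back.

```python
# Added example: detect the "<dir>\bak\<name>.exe next to a replaced <dir>\<name>.exe"
# layout and draft the AWF:: section of a CFScript from the findings.
from __future__ import annotations

import hashlib
import tempfile
from collections import Counter
from pathlib import Path

# Constructed fixture contents (not real binaries): one "dropper" blob that gets
# copied over every hijacked program, and distinct "legitimate" blobs that were
# moved into each program's bak\ subfolder. Directory names echo the post's list.
DROPPER_BYTES = b"MZ-constructed-dropper-payload"
HIJACKED_APPS = {
    "iTunes": ("iTunesHelper.exe", b"MZ-constructed-itunes-helper"),
    "QuickTime": ("QTTask.exe", b"MZ-constructed-quicktime-task"),
    "Java/jre1.6.0_02/bin": ("jusched.exe", b"MZ-constructed-java-scheduler"),
}


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 of a file, so large executables do not get read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_bak_pairs(root: Path) -> list[dict]:
    """One record per <dir>/bak/<name>.exe that has a sibling <dir>/<name>.exe.

    'replaced' is True when the two files differ, i.e. the name in the parent
    folder no longer carries the bytes that were moved into bak\\.
    """
    records = []
    for bak_dir in sorted(root.rglob("bak")):
        if not bak_dir.is_dir():
            continue
        for backup in sorted(bak_dir.iterdir()):
            if backup.suffix.lower() != ".exe" or not backup.is_file():
                continue
            current = bak_dir.parent / backup.name
            if not current.is_file():
                continue  # lone bak\ copy: nothing is wearing its name
            cur_hash, bak_hash = sha256_of(current), sha256_of(backup)
            records.append({
                "current": current,
                "backup": backup,
                "current_sha256": cur_hash,
                "backup_sha256": bak_hash,
                "replaced": cur_hash != bak_hash,
            })
    return records


def shared_replacement_hashes(records: list[dict]) -> dict[str, int]:
    """Hashes that are the *live* file of more than one replaced program.

    Unrelated programs all turning into the same bytes points at a single
    dropper copied over each hijacked autostart entry.
    """
    counts = Counter(r["current_sha256"] for r in records if r["replaced"])
    return {h: n for h, n in counts.items() if n > 1}


def cfscript_awf(records: list[dict]) -> str:
    """Draft the AWF:: section: one line per bak\\ original that should be restored."""
    lines = ["AWF::"] + [str(r["backup"]) for r in records if r["replaced"]]
    return "\n".join(lines) + "\n"


def build_sample_tree(root: Path) -> None:
    """Constructed fixture: three hijacked programs plus one benign bak\\ folder."""
    for app_dir, (exe_name, legit_bytes) in HIJACKED_APPS.items():
        app = root / "Program Files" / app_dir
        (app / "bak").mkdir(parents=True)
        (app / "bak" / exe_name).write_bytes(legit_bytes)   # original, moved aside
        (app / exe_name).write_bytes(DROPPER_BYTES)         # dropper using its name
    # A user's own backup: bak\ copy identical to the live file, must not be listed.
    clean = root / "Program Files" / "Notepad2"
    (clean / "bak").mkdir(parents=True)
    (clean / "Notepad2.exe").write_bytes(b"MZ-constructed-notepad2")
    (clean / "bak" / "Notepad2.exe").write_bytes(b"MZ-constructed-notepad2")


def demo() -> tuple[list[dict], dict[str, int], str]:
    """Build the fixture in a temp dir, scan it, and return findings plus the draft script."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        records = find_bak_pairs(root)
        return records, shared_replacement_hashes(records), cfscript_awf(records)


if __name__ == "__main__":
    recs, shared, script = demo()
    for r in recs:
        flag = "REPLACED" if r["replaced"] else "identical"
        print(f"{flag:9} {r['current']}  (bak copy: {r['backup'].name})")
    print("live-file hashes shared across replaced programs:", shared)
    print(script)
```

The identical-pair case is kept on purpose: a `bak` folder that a user or installer created themselves should not end up in the restore list, and only pairs whose live file differs from its backup are written out. The shared-hash count is the check a helper would do before trusting the list, since thirteen different programs all resolving to the same bytes is what separates a hijack from a coincidence of folder names.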

Re: wuauclt.exe is infected

Post by mjomisko on Fri Jul 23, 2010 12:49 am

ComboFix 10-07-22.01 - Compaq_Administrator 07/22/2010 15:54:52.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.577 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:42 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-22 19:20 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S2 0128751279826439mcinstcleanup;McAfee Application Installer Cleanup (0128751279826439);c:\windows\TEMP\012875~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012875~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0128751279826439MCINSTCLEANUP
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-22 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-22 20:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 03:39
ComboFix2.txt 2010-07-22 01:11
ComboFix3.txt 2010-07-21 01:20
ComboFix4.txt 2010-07-20 23:44

Pre-Run: 113,398,984,704 bytes free
Post-Run: 113,384,787,968 bytes free

- - End Of File - - A2F5367C81D9D4666FA357D52BAF0C04


Re: wuauclt.exe is infected

Post by Sneakyone on Fri Jul 23, 2010 4:50 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\windows\Tasks\RegCure.job
    c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll

    Folder::
    c:\program files\RegCure

    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride =

    Firefox::
    FF - ProfilePath - c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 5577
    FF - prefs.js: network.proxy.type - 4

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on Wed Jul 28, 2010 12:23 am

ComboFix 10-07-26.04 - Compaq_Administrator 07/27/2010 18:40:58.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.392 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll"
"c:\windows\Tasks\RegCure.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-24 20:04 . 2010-07-24 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-24 16:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 21:55 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-24 19:58 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 10:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-05 18:25 . 2010-06-24 12:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-26 15:42 . 2010-06-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-24 23:57 . 2010-06-24 23:28 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-27 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-27 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-27 20:20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-28 03:20
ComboFix2.txt 2010-07-24 19:46
ComboFix3.txt 2010-07-23 03:40
ComboFix4.txt 2010-07-22 01:11
ComboFix5.txt 2010-07-24 19:50

Pre-Run: 113,350,451,200 bytes free
Post-Run: 113,347,366,912 bytes free

- - End Of File - - 244713D38100EF07080A458E3D33BD97


Re: wuauclt.exe is infected

Post by Sneakyone on Wed Jul 28, 2010 4:26 am

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    c:\program files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    c:\program files\HP\HP Software Update\hpwuSchd2.exe
    c:\program files\iTunes\iTunesHelper.exe
    c:\program files\QuickTime\QTTask.exe
    c:\windows\SMINST\Recguard.exe
    c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll

    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

    MBR::

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Re: wuauclt.exe is infected

Post by mjomisko on Fri Jul 30, 2010 1:17 pm

ComboFix 10-07-29.02 - Compaq_Administrator 07/30/2010 8:48.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.551 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll"
"c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
"c:\program files\Common Files\Real\Update_OB\realsched.exe"
"c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
"c:\program files\HP\HP Software Update\hpwuSchd2.exe"
"c:\program files\iTunes\iTunesHelper.exe"
"c:\program files\QuickTime\QTTask.exe"
"c:\windows\SMINST\Recguard.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\QuickTime\QTTask.exe
c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-24 20:04 . 2010-07-24 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-24 16:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 16:03 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-07-30 16:03 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-07-24 21:55 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-24 19:58 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 10:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-05 18:25 . 2010-06-24 12:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-26 15:42 . 2010-06-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-24 23:57 . 2010-06-24 23:28 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Recguard - c:\windows\SMINST\RECGUARD.EXE
HKLM-Run-HPBootOp - c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPwuSchd2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-30 09:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-30 09:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 16:15
ComboFix2.txt 2010-07-28 03:20
ComboFix3.txt 2010-07-24 19:46
ComboFix4.txt 2010-07-23 03:40
ComboFix5.txt 2010-07-30 15:41

Pre-Run: 113,240,338,432 bytes free
Post-Run: 113,226,493,952 bytes free

- - End Of File - - 4D640DDA3A5D2AF718F590C4CB705BAA

mjomisko
Intermediate
Posts : 53
Joined : 2010-07-09
OS : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Fri Jul 30, 2010 7:04 pm

Hi.

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

Re: wuauclt.exe is infected

Post by mjomisko on Sun Aug 01, 2010 2:40 am

When I open ESET it says:
IMPORTANT: Before installing ESET Smart Security 4 you must uninstall your existing antivirus solution.
Click here to access the list of uninstallers for common antivirus programs.

Do I need to uninstall McAfee before I run this scan or can I just deactivate it?

mjomisko
Intermediate
Posts : 53
Joined : 2010-07-09
OS : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Sun Aug 01, 2010 3:56 am

Nah, please do this instead.

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      - Spyware, Adware, Dialers, and other potentially dangerous programs
      - Archives
      - Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

Re: wuauclt.exe is infected

Post by mjomisko on Mon Aug 09, 2010 11:56 pm

I am having trouble doing this. First, when I click the Kaspersky website link there is a hand that has like a yellow "splat" on it with an exclamation point on it, so the link didn't work. I went to the Kaspersky website and found the Free Scan, but nothing happens, so I'm downloading the 30-day trial. It doesn't seem right since I already have McAfee running, but I don't know what else to do. I have the pop-up blocker turned off.

mjomisko
Intermediate
Posts : 53
Joined : 2010-07-09
OS : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Tue Aug 10, 2010 12:04 am

Hi.

Uninstall Kaspersky for now, as it will interfere with the scans.

Please run [You must be registered and logged in to see this link.] online scan.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component, allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

Re: wuauclt.exe is infected

Post by mjomisko on Tue Aug 10, 2010 12:16 pm

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-08-10 08:15:48
    PROTECTIONS: 1
    MALWARE: 51
    SUSPECTS: 7
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee Anti-Virus and Anti-Spyware No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@trafficmp[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@atdmt[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@tradedoubler[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@tribalfusion[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@mediaplex[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@7search[1].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[3].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@clickbank[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@clickbank[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@clickbank[1].txt
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@ccbill[1].txt
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@ccbill[1].txt
    00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00167637 Cookie/Socalcoeds TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@socalcoeds[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[3].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[5].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[3].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[2].txt
    00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@gangbangsquad[1].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@outster[3].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@outster[2].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@outster[2].txt
    00167691 Cookie/ademails TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xiti[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@xiti[1].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@gostats[1].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@gostats[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[4].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@azjmp[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[7].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@statcounter[2].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@counter.hitslink[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@counter.hitslink[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@counter.hitslink[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[4].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[6].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[10].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[5].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[7].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[8].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@burstnet[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@weborama[1].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@stat.onestat[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@advertising[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@statse.webtrendslive[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@statse.webtrendslive[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@statse.webtrendslive[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@statse.webtrendslive[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@statse.webtrendslive[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www5.addfreestats[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www5.addfreestats[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@www5.addfreestats[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@www5.addfreestats[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xxxcounter[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xxxcounter[3].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@xxxcounter[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[3].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@go[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[5].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[3].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@target[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@did-it[1].txt
    00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www3.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@www6.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[2].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[3].txt
    00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@drivecleaner[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@citi.bridgetrack[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@citi.bridgetrack[3].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@citi.bridgetrack[2].txt
    00377802 Spyware/PeoplePC Spyware No 0 Yes No c:\program files\online services\peoplepc\isp5900\dll\ras.dll
    00447834 Adware/Lop Adware No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp17\a0010262.dll
    00450614 Adware/2Search Adware No 0 No No c:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe[ppctoolbar.dll]
    00530383 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go.drivecleaner[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@registrydefender[1].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@registrydefender[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@registrydefender[2].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@enhance[2].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@enhance[1].txt
    03173354 Application/FunWeb HackTools No 0 Yes No c:\qoobox\quarantine\c\program files\mywebsearch\bar\1.bin\f3reprox.dll.vir
    03173354 Application/FunWeb HackTools No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp32\a0021366.dll
    03983016 Generic Malware Virus/Trojan No 0 Yes No c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
    04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\9ce7168.msi[unk_0117]
    04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\1791b3a7.msi[unk_0117]
    06792792 Adware/SysinternalsAntivirus Adware No 0 Yes No c:\_otl\movedfiles\07102010_141333\c_\pb32.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\program files\avancepaint\effects\special gray.exe
    No c:\program files\avancepaint\effects\wave.exe
    No c:\program files\online services\msn90\pkgs\en\us\msncli.exe[c:\program files\online services\msn90\pkgs\en\us\msncli.exe][mailares.dll]
    No c:\qoobox\quarantine\c\program files\regcure\regcure.exe.vir
    No c:\qoobox\quarantine\c\program files\regcure\uninst.exe.vir
    No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp44\a0024743.exe
    No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp44\a0024744.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    219822 HIGH MS10-021
    217842 HIGH MS10-015
    971486 HIGH MS09-058
    ;===================================================================================================================================================================================

mjomisko
Intermediate
Posts : 53
Joined : 2010-07-09
OS : vista
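The report above runs to hundreds of hits, and most of them are tracking cookies or files that ComboFix, OTL or System Restore have already taken out of the execution path. The script below is an added example, not part of the thread and not Panda's code, that sorts a report of this shape into those buckets and lists the live on-disk paths left over, which is the set a helper looks at before writing a fix. The column meaning (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) is assumed from the Panda ActiveScan 2.0 report layout; the sample lines are copied from the report posted above, and archive-member suffixes such as `[unk_0117]` are stripped so the result names the container file that actually exists on disk.

```python
"""Triage a Panda ActiveScan report into cookies, already-contained files and live hits.

Added example for this thread; column order is an assumption based on the
Panda ActiveScan 2.0 report format, not something the posted log states.
"""
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the posted report.
SAMPLE_REPORT = r"""
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No c:\program files\online services\peoplepc\isp5900\dll\ras.dll
00447834 Adware/Lop Adware No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp17\a0010262.dll
03173354 Application/FunWeb HackTools No 0 Yes No c:\qoobox\quarantine\c\program files\mywebsearch\bar\1.bin\f3reprox.dll.vir
03983016 Generic Malware Virus/Trojan No 0 Yes No c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\9ce7168.msi[unk_0117]
06792792 Adware/SysinternalsAntivirus Adware No 0 Yes No c:\_otl\movedfiles\07102010_141333\c_\pb32.exe
"""

# Assumed columns: Id Description Type Active Severity Disinfectable Disinfected Location.
# Description may contain spaces ("Generic Malware"), so it is matched lazily
# and anchored by the Type token and the Yes/No flags that follow it.
LINE_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)

# Locations already out of the execution path: tool quarantines and System
# Restore snapshots. They still need cleaning up, but they are not live.
CONTAINED_PREFIXES = (
    r"c:\qoobox\quarantine",   # ComboFix quarantine
    r"c:\_otl\movedfiles",     # OTL moved-files store
)
RESTORE_POINT = r"\system volume information\_restore"


def parse_report(text):
    """Yield one dict per detection line; separators and headers do not match."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def container_path(location):
    """Strip a trailing archive-member suffix such as '9ce7168.msi[unk_0117]'."""
    return re.sub(r"\[[^\]]*\]$", "", location)


def classify(hit):
    """cookie / contained / live, decided from the type and the on-disk location."""
    loc = hit["location"].lower()
    if hit["type"] == "TrackingCookie":
        return "cookie"
    if loc.startswith(CONTAINED_PREFIXES) or RESTORE_POINT in loc:
        return "contained"
    return "live"


def triage(text):
    """Group the report's detections by the bucket classify() assigns."""
    buckets = defaultdict(list)
    for hit in parse_report(text):
        buckets[classify(hit)].append(hit)
    return dict(buckets)


def fix_targets(text):
    """Live, non-cookie detections as deduplicated on-disk container paths."""
    paths = []
    for hit in triage(text).get("live", []):
        path = container_path(hit["location"])
        if path not in paths:
            paths.append(path)
    return paths


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
    print("live paths to review before building a fix:")
    for path in fix_targets(SAMPLE_REPORT):
        print("  " + path)
```

On the sample, the two Generic Malware paths come out as `interop.shdocvw.dll` and the bare `9ce7168.msi`, which are the forms the OTL fix script later in the thread uses; the PeoplePC `ras.dll` is listed alongside them because it is also a live path, and whether it warrants action is a judgement call for the helper, not something the script decides.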

    Re: wuauclt.exe is infected

    Post by Sneakyone on Tue Aug 10, 2010 8:41 pm

    Hi.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:

      :Files
      c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
      c:\windows\installer\9ce7168.msi
      c:\windows\installer\1791b3a7.msi

      :commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

    Re: wuauclt.exe is infected

    Post by mjomisko on Sat Aug 14, 2010 9:17 pm

    All processes killed
    ========== FILES ==========
    c:\program files\compaq connections\5577497\program\Interop.SHDocVw.dll moved successfully.
    c:\windows\installer\9ce7168.msi moved successfully.
    c:\windows\installer\1791b3a7.msi moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Temp folder emptied: 104374929 bytes
    ->Temporary Internet Files folder emptied: 129029635 bytes
    ->Java cache emptied: 128234 bytes
    ->FireFox cache emptied: 42861330 bytes
    ->Flash cache emptied: 5251 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Elani
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Temp folder emptied: 23935944 bytes
    ->Temporary Internet Files folder emptied: 9229602 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 154843791 bytes
    ->Flash cache emptied: 76789 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65854 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pat
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 114688 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 443.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Flash cache emptied: 0 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Elani
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: pat

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 08142010_170257

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\Perflib_Perfdata_c24.dat not found!
    C:\Documents and Settings\Elani's\Local Settings\Temp\IadHide5.dll moved successfully.

    Registry entries deleted on Reboot...


    Re: wuauclt.exe is infected

    Post by Sneakyone on Sun Aug 15, 2010 6:14 am

    Hi.

    How is your computer running now?



    Re: wuauclt.exe is infected

    Post by mjomisko on Sun Aug 15, 2010 11:24 am

So much better than when we started this process. The only thing left is this pop-up when it's rebooted: "uncdms.dll not being found." I understand it's associated with Windows Desktop Search, but I don't know how to fix it.


    Re: wuauclt.exe is infected

    Post by Sneakyone on Sun Aug 15, 2010 2:12 pm

    Hi.

Could you please run OTL again and post the log here; I know what is causing the error to pop up.



    Re: wuauclt.exe is infected

    Post by mjomisko on Mon Aug 16, 2010 11:57 pm

    All processes killed
    ========== FILES ==========
    File\Folder c:\program files\compaq connections\5577497\program\interop.shdocvw.dll not found.
    File\Folder c:\windows\installer\9ce7168.msi not found.
    File\Folder c:\windows\installer\1791b3a7.msi not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Temp folder emptied: 1291877 bytes
    ->Temporary Internet Files folder emptied: 7287557 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 14131408 bytes
    ->Flash cache emptied: 615 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Temp folder emptied: 25132970 bytes
    ->Temporary Internet Files folder emptied: 292654 bytes
    ->Java cache emptied: 4619 bytes
    ->FireFox cache emptied: 103245161 bytes
    ->Flash cache emptied: 11670 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65988 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pat
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 836872 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 145.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Flash cache emptied: 0 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Elani
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: pat

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 08162010_195119

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DF167E.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DF16CD.tmp not found!
    C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DF4A12.tmp moved successfully.
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFD229.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFD268.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFD316.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFD43E.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFD504.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFD571.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFEB01.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFEB15.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFEB44.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFEB58.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFEC6F.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFEC8F.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFECC1.tmp not found!
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\~DFECD5.tmp not found!
    C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temporary Internet Files\Content.IE5\BH9ETTCX\wuaucltexe-is-infected-t22609-45[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    File\Folder C:\Documents and Settings\Elani's\Local Settings\Temp\flaD6.tmp not found!
    C:\Documents and Settings\Elani's\Local Settings\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Elani's\Local Settings\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Elani's\Local Settings\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Elani's\Local Settings\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Elani's\Local Settings\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Elani's\Local Settings\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\XUL.mfl moved successfully.

    Registry entries deleted on Reboot...

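OTL echoes every path from the `:Files` section back as either "moved successfully" or "not found", and the second run above reports all three as not found because the first run had already moved them. The script below is an added example, not part of the thread and not OTL's own code, that reconciles a fix script against a fix log so that a path OTL never reported on at all stands out as unreported (a locked file or a mis-pasted script produces exactly that gap). It case-folds paths because OTL echoed `Interop.SHDocVw.dll` for a script entry written in lower case. The sample script and log lines are copied from the posts above.

```python
"""Reconcile an OTL fix script's :Files section with the fix log OTL produced.

Added example for this thread. The log-line shapes ("<path> moved successfully."
and "File\\Folder <path> not found.") are taken from the logs posted above.
"""
import re

# Constructed sample input, copied from Sneakyone's fix script above.
FIX_SCRIPT = r"""
:Files
c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
c:\windows\installer\9ce7168.msi
c:\windows\installer\1791b3a7.msi

:commands
[emptytemp]
[emptyflash]
[resethosts]
[reboot]
"""

# Constructed sample input, copied from the first fix log above.
FIRST_RUN_LOG = r"""
All processes killed
========== FILES ==========
c:\program files\compaq connections\5577497\program\Interop.SHDocVw.dll moved successfully.
c:\windows\installer\9ce7168.msi moved successfully.
c:\windows\installer\1791b3a7.msi moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Constructed sample input, copied from the second fix log above.
SECOND_RUN_LOG = r"""
All processes killed
========== FILES ==========
File\Folder c:\program files\compaq connections\5577497\program\interop.shdocvw.dll not found.
File\Folder c:\windows\installer\9ce7168.msi not found.
File\Folder c:\windows\installer\1791b3a7.msi not found.
========== COMMANDS ==========
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
# The reboot section ends these lines with "!" instead of "."; accept both.
NOTFOUND_RE = re.compile(r"^File\\Folder (?P<path>.+?) not found[.!]$")


def requested_files(script):
    """Paths listed under the :Files section of an OTL fix script."""
    paths, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
            continue
        if in_files and line:
            paths.append(line)
    return paths


def log_results(log):
    """Map each path OTL reported on (case-folded) to 'moved' or 'not found'."""
    results = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = MOVED_RE.match(line)
        if m:
            results[m.group("path").casefold()] = "moved"
            continue
        m = NOTFOUND_RE.match(line)
        if m:
            results[m.group("path").casefold()] = "not found"
    return results


def reconcile(script, log):
    """Status of every requested path: moved, not found, or unreported."""
    results = log_results(log)
    return {p: results.get(p.casefold(), "unreported") for p in requested_files(script)}


def unexpected_moves(script, log):
    """Case-folded paths OTL moved that :Files never asked for. [resethosts]
    and [emptytemp] legitimately produce these, so they are reported, not flagged."""
    wanted = {p.casefold() for p in requested_files(script)}
    return [p for p, s in log_results(log).items() if s == "moved" and p not in wanted]


if __name__ == "__main__":
    for label, log in (("first run", FIRST_RUN_LOG), ("second run", SECOND_RUN_LOG)):
        print(label)
        for path, status in reconcile(FIX_SCRIPT, log).items():
            print(f"  {status:<10} {path}")
        for path in unexpected_moves(FIX_SCRIPT, log):
            print(f"  extra      {path}")
```

Run against the two logs, the first run shows all three paths moved plus the Hosts file as an extra move from `[resethosts]`, and the second run shows all three not found, which is the expected result of re-running a fix whose targets are already gone rather than a sign the fix failed.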

    Re: wuauclt.exe is infected

    Post by Sneakyone on Tue Aug 17, 2010 4:22 am

    Hi.

    Could you please run OTL again without doing any of the fixes.



    Re: wuauclt.exe is infected

    Post by mjomisko on Mon Aug 23, 2010 9:26 pm

I have done it without running the fixes.


    Re: wuauclt.exe is infected

    Post by Sneakyone on Mon Aug 23, 2010 10:27 pm

    Hi.

    Could you please post the log here.



    Re: wuauclt.exe is infected

    Post by mjomisko on Sat Aug 28, 2010 2:51 pm

    OTL logfile created on: 8/28/2010 10:42:11 AM - Run 2
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 455.00 Mb Available Physical Memory | 47.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.68 Gb Total Space | 103.80 Gb Free Space | 46.20% Space Free | Partition Type: NTFS
    Drive D: | 8.18 Gb Total Space | 0.18 Gb Free Space | 2.15% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 1.84 Gb Total Space | 0.91 Gb Free Space | 49.29% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: YOUR-4DACD0EA75
    Current User Name: Compaq_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/07/24 17:00:02 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/24 16:59:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
    PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010/05/31 20:32:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2010/03/10 15:10:40 | 000,439,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\MSC\McUICnt.exe
    PRC - [2010/03/10 14:41:24 | 000,180,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/05/05 03:24:23 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    PRC - [2006/03/16 02:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
    PRC - [2006/03/16 02:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2006/03/16 02:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
    PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
    PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
    MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2006/05/05 03:24:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/05/31 20:32:58 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/01/24 19:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://igoogle.com"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/21 15:40:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 10:17:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 21:54:26 | 000,000,000 | ---D | M]

    [2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Extensions
    [2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\extensions
    [2010/08/28 09:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/02 21:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/14 17:01:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/22 12:17:05 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010/08/16 19:51:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100721153340.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
    O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/28 08:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
    [2010/08/28 08:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    [2010/08/14 17:01:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/08/14 17:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/08/14 17:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/08/09 20:24:13 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2010/08/09 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/08/09 19:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/08/02 21:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/02 21:54:26 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/08/02 21:54:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/08/01 21:33:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/01 20:34:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll
    [2010/08/01 20:34:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
    [2010/08/01 20:34:05 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
    [2010/08/01 20:34:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
    [2010/08/01 20:34:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
    [2010/07/30 09:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

    ========== Files - Modified Within 30 Days ==========

    [2010/08/28 10:39:35 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
    [2010/08/28 10:02:49 | 016,183,808 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_5_Pres.ppt
    [2010/08/28 09:24:20 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.dat
    [2010/08/27 19:02:32 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/27 17:20:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
    [2010/08/26 14:51:28 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/08/26 14:51:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/26 14:51:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/26 14:51:07 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/26 07:47:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.ini
    [2010/08/26 07:46:55 | 008,534,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_1_Pres.ppt
    [2010/08/21 10:02:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/16 19:51:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/08/14 16:55:49 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\Shortcut to OTL.lnk
    [2010/08/14 16:33:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/11 14:06:37 | 000,461,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 03:04:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/30 09:21:01 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2010/07/30 09:03:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

    ========== Files Created - No Company Name ==========

    [2010/08/28 10:02:44 | 016,183,808 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_5_Pres.ppt
    [2010/08/25 08:15:15 | 008,534,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_1_Pres.ppt
    [2010/08/14 16:55:49 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\Shortcut to OTL.lnk
    [2010/08/09 19:40:09 | 000,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/08/09 13:41:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/15 12:00:46 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/11/01 19:31:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
    [2007/07/14 08:23:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI
    [2007/07/02 10:04:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/04/11 15:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
    [2006/12/22 19:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2006/09/17 09:03:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/09/17 08:00:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/05/05 03:48:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/05 03:27:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/05/05 03:23:33 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/05/05 03:23:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/05/05 03:20:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/05 03:19:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/05 03:09:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/05/05 03:08:38 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/05/05 03:02:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/05/05 02:59:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/05/05 02:59:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/05/05 02:59:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/05/05 02:59:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/05/05 02:59:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/05/05 02:59:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/05/05 02:59:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/05/05 02:57:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/05/05 02:37:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/05/05 02:37:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/05/05 02:37:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/07/26 07:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    ========== Files - Unicode (All) ==========
    [2009/11/14 16:24:13 | 000,865,928 | ---- | M] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3
    [2009/11/14 16:04:15 | 000,865,928 | ---- | C] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >

    mjomisko
    Posts : 53
    Joined : 2010-07-09
    OS : vista


    Re: wuauclt.exe is infected

    Post by Sneakyone on Mon Aug 30, 2010 1:17 am

    Hi.

    Is the error still popping up?


    I'm livin' life in the fast lane.

    Sneakyone
    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit


    Re: wuauclt.exe is infected

    Post by mjomisko on Sat Sep 11, 2010 4:01 pm

    Yes, it is still popping up. Here is the log from running OTL just now.

    OTL logfile created on: 9/11/2010 11:52:50 AM - Run 3
    OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 53.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.68 Gb Total Space | 98.35 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
    Drive D: | 8.18 Gb Total Space | 0.18 Gb Free Space | 2.15% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 1.84 Gb Total Space | 0.88 Gb Free Space | 47.67% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: YOUR-4DACD0EA75
    Current User Name: Compaq_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/08 16:30:42 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/09/08 16:30:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
    PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010/05/31 20:32:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/05/05 03:24:23 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    PRC - [2006/03/16 02:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
    PRC - [2006/03/16 02:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2006/03/16 02:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
    PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
    PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/10 11:20:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\OTL.exe
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2006/05/05 03:24:20 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/05/31 20:32:58 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 14:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 14:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/01/24 19:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://igoogle.com"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/21 15:40:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 16:30:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 16:30:47 | 000,000,000 | ---D | M]

    [2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Extensions
    [2010/07/08 20:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\extensions
    [2010/09/11 08:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/02 21:54:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/14 17:01:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/22 12:17:05 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2010/08/16 19:51:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100721153340.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
    O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/30 21:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/03 20:45:20 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
    [2010/08/28 12:32:34 | 000,445,504 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
    [2010/08/14 17:01:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/08/14 17:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/08/14 17:01:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/09/11 11:56:50 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
    [2010/09/11 11:46:14 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/09/11 11:46:05 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/09/11 11:45:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/11 11:45:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/11 11:45:38 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/11 11:44:22 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.dat
    [2010/09/11 11:44:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\ntuser.ini
    [2010/09/11 08:35:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
    [2010/09/06 18:12:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/03 20:45:20 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
    [2010/08/28 15:27:23 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/28 12:48:59 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Double Deluxe.lnk
    [2010/08/28 10:02:49 | 016,183,808 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_5_Pres.ppt
    [2010/08/26 07:46:55 | 008,534,016 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_1_Pres.ppt
    [2010/08/21 10:02:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/16 19:51:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/08/14 16:55:49 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\Shortcut to OTL.lnk

    ========== Files Created - No Company Name ==========

    [2010/08/28 12:48:59 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Double Deluxe.lnk
    [2010/08/28 10:02:44 | 016,183,808 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_5_Pres.ppt
    [2010/08/25 08:15:15 | 008,534,016 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\FA10_Ch_1_Pres.ppt
    [2010/08/14 16:55:49 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\Shortcut to OTL.lnk
    [2010/07/15 12:00:46 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2008/11/01 19:31:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\sssTbarV2.ini
    [2007/07/14 08:23:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\Pex.INI
    [2007/07/02 10:04:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/04/11 15:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
    [2006/12/22 19:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
    [2006/09/17 09:03:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/09/17 08:00:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/05/05 03:48:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/05 03:27:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/05/05 03:23:33 | 000,012,988 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/05/05 03:23:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/05/05 03:20:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/05/05 03:19:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/05 03:09:54 | 000,000,160 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/05/05 03:08:38 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/05/05 03:02:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/05/05 02:59:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/05/05 02:59:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/05/05 02:59:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/05/05 02:59:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/05/05 02:59:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/05/05 02:59:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/05/05 02:59:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/05/05 02:57:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/05/05 02:37:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/05/05 02:37:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/05/05 02:37:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/05 21:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 23:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/07/26 07:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    ========== Files - Unicode (All) ==========
    [2009/11/14 16:24:13 | 000,865,928 | ---- | M] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3
    [2009/11/14 16:04:15 | 000,865,928 | ---- | C] ()(C:\?Miku Hatsune?Vegetable juice Po Pi Po? ?VOCALOID?.mp3) -- C:\【Miku Hatsune】Vegetable juice Po Pi Poー 【VOCALOID】.mp3

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >

    mjomisko
    Intermediate
    Posts : 53
    Joined : 2010-07-09
    OS : vista

    Re: wuauclt.exe is infected

    Post by Sneakyone on Sat Sep 11, 2010 11:21 pm

    Hi.
    Look in Add/Remove Programs for Windows Desktop Search 4.0. If you don't see it, then check the box at the top which says "Show Updates" and it should show up there, then delete it and tell me if it still occurs.


    I'm livin' life in the fast lane.

    Sneakyone
    Master
    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit

    Re: wuauclt.exe is infected

    Post by mjomisko on Fri Sep 24, 2010 1:15 pm

    This thread has gotten so long and you have been so patient but this computer has an even bigger problem after all we've done to it. Yesterday my granddaughter said that she turned on the computer and as it was rebooting her cat jumped on the keyboard. She read something about it rebooting and panicked and tried to hit the ESC key. Whether this is anything close to the truth or not, I will never know but I know that she would never intentionally destroy the machine that she cherishes. That being said, when I went over and turned on the machine, it said that it detected new hardware and started trying to install the printer and there was a pop-up mentioning something about the AmdK8.sys file. The desktop background looks like the original screen as do the icons. I figured it must have somehow taken it back to factory settings so we would have to start over. I tried to get an internet connection (ended up with Verizon DSL tech support and they determined that there is a problem with the network adapters so they said to call HP). In Device Manager under processors it says "unknown device". I believe there was a total of 4 yellow exclamation points. HP said that since the machine isn't under warranty they would be able to fix it for a fee or they could sell her a brand new computer for $300. I can't see putting too much into a 4 year-old computer but my daughter is in school and needs the internet connection and she doesn't have the money for a new computer. Just for the heck of it I tried going into Add/Remove and there were a whole bunch of game type programs in there that they no longer use and I thought we had removed. If it went back to factory settings, how could they be there? Also I tried to do a System Restore and the only point was the time that I got there and turned it on. Now I'm wondering if it's possible that it didn't actually get reset to factory settings but if it could be a virus or something else. Any and all help will definitely be appreciated.
    I again thank you for your patience and support.

    mjomisko
    Intermediate
    Posts : 53
    Joined : 2010-07-09
    OS : vista

    Re: wuauclt.exe is infected

    Post by Sneakyone on Fri Oct 01, 2010 9:46 pm

    Hi.

    Sorry for the delay.

    I don't think it was set back to factory settings, but probably booted into debug mode, safe mode, etc.

    Have you tried rebooting?


    I'm livin' life in the fast lane.

    Sneakyone
    Master
    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit

    Re: wuauclt.exe is infected

    Post by mjomisko on Sat Oct 02, 2010 12:05 am

    You mean like turning it off and back on? Yes, a number of times. The earliest restore point goes back to the day it happened and no earlier.

    mjomisko
    Intermediate
    Posts : 53
    Joined : 2010-07-09
    OS : vista

    Re: wuauclt.exe is infected

    Post by Sneakyone on Sat Oct 02, 2010 12:11 am

    Hi.

    Is there a way you can send me a screenshot of the desktop? Print Screen + Paste in Paint then save as jpg, then upload it to tinypic.com and post here.


    I'm livin' life in the fast lane.

    Sneakyone
    Master
    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit

    Re: wuauclt.exe is infected

    Post by mjomisko on Sun Oct 03, 2010 11:21 pm

    I ended up doing a system recovery because so much time and effort has been put into this computer that I thought it was time to give up. I very much appreciate all the time you have given me. Thanks for your patience and guidance. Mary j

    mjomisko
    Intermediate
    Posts : 53
    Joined : 2010-07-09
    OS : vista

    Re: wuauclt.exe is infected

    Post by Sneakyone on Tue Oct 05, 2010 1:43 am

    You're welcome, sorry I couldn't get it fixed for you. :/


    I'm livin' life in the fast lane.

    Sneakyone
    Master
    Posts : 2707
    Joined : 2010-01-10
    Gender : Male
    OS : Windows 7 Ultimate 64-bit