wuauclt.exe is infected


wuauclt.exe is infected

Post by mjomisko on Sat 10 Jul 2010, 1:14 am

First topic message reminder :

My daughter's computer (running XP) has multiple problems and is unusable at the moment. I see two pop-ups on it. One says wuauclt.exe is infected and the other says discstreamhub.exe is infected. I'm not sure but I don't think this is all that is wrong with it. I just registered on this site and have done a little of the intro reading about how to get started. Should I worry about Adobe and Java being updated before we begin working on her computer? Also, should everything done, while trying to fix it, be done in Safe Mode?

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista



Re: wuauclt.exe is infected

Post by mjomisko on Wed 21 Jul 2010, 7:47 am

ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 16:12:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.404 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
C:\desktop.ini
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\20090224190429656.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224174848890.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224175755546.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224185902312.log
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Application Data\alot
c:\documents and settings\Compaq_Administrator\Application Data\AntiSpywareBot
c:\documents and settings\Compaq_Administrator\Application Data\DriveCleaner Freeware
c:\documents and settings\Compaq_Administrator\Application Data\FunWebProducts
c:\documents and settings\Compaq_Administrator\Favorites\Mp3 Download.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Download programs.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Games.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Translator.url
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Videos.url
c:\documents and settings\Elani.YOUR-4DACD0EA75\Start Menu\Antivirus 2009
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\LocalService\Desktop\Sysinternals Antivirus.lnk
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus
c:\documents and settings\LocalService\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
c:\documents and settings\pat\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\pat\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\adc_w32.dll
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\Antivirus 2009
c:\program files\Common Files\miwu
c:\program files\Common Files\miwu\miwua.lck
c:\program files\Common Files\miwu\miwud\class-barrel
c:\program files\Common Files\miwu\miwud\vocabulary
c:\program files\Common Files\miwu\miwuh
c:\program files\Common Files\miwu\miwul.lck
c:\program files\Common Files\miwu\miwum.lck
c:\program files\CyberDefender
c:\program files\CyberDefender\AntiSpyware\config.ini
c:\program files\CyberDefender\AntiSpyware\WsLiveUpdateHost.ini
c:\program files\CyberDefender\AntiSpyware\wslvucfg.ini
c:\program files\CyberDefender\cdinstx.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\01F1633C.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\inetget2
c:\program files\Mjcore
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\common-x.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\common.css
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\include.js
c:\program files\MyWebSearch\bar\Avatar\COMMON\index.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loader.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\loading.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\logo.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
c:\program files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
c:\program files\MyWebSearch\bar\Avatar\COMMON\window.ico
c:\program files\MyWebSearch\bar\Cache\0003AEFE
c:\program files\MyWebSearch\bar\Cache\0015113F
c:\program files\MyWebSearch\bar\Cache\00151F59.bin
c:\program files\MyWebSearch\bar\Cache\001523CD.bin
c:\program files\MyWebSearch\bar\Cache\00152583.bin
c:\program files\MyWebSearch\bar\Cache\001527C5.bin
c:\program files\MyWebSearch\bar\Cache\00153504.bin
c:\program files\MyWebSearch\bar\Cache\001543C9
c:\program files\MyWebSearch\bar\Cache\005ADDE6.bin
c:\program files\MyWebSearch\bar\Cache\005ADF4E.bin
c:\program files\MyWebSearch\bar\Cache\005AECBB.bin
c:\program files\MyWebSearch\bar\Cache\005AEECF.bin
c:\program files\MyWebSearch\bar\Cache\00AEF483.bin
c:\program files\MyWebSearch\bar\Cache\00AEF6E4.bin
c:\program files\MyWebSearch\bar\Cache\00AF04BF.bin
c:\program files\MyWebSearch\bar\Cache\00AF0646.bin
c:\program files\MyWebSearch\bar\Cache\02AFC3EE
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\network monitor
c:\program files\scdata
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\program files\Sysinternals Antivirus
c:\program files\Sysinternals Antivirus\Sysinternals Antivirus.exe
c:\program files\webhancer
c:\program files\webhancer\Programs\license.txt
c:\program files\webhancer\Programs\readme.txt
c:\program files\webhancer\Programs\sporder.dll
c:\program files\webhancer\Programs\whagent.ini
c:\program files\webhancer\Programs\whinstaller.exe
c:\program files\WinBudget
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\IA
c:\windows\wiaserviv.log
c:\windows\xpsp1hfm.log
c:\windows\yfet.scr
D:\Autorun.inf

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 23:23 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-20 23:24 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-s---w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-07-03 04:24 . 2010-07-03 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet
2010-06-21 23:10 . 2010-06-25 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:26 . 2006-05-05 10:07 148672 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-15 18:10 . 2010-07-06 18:04 48056 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:20 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-02-13 19:26 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-02-13 19:26 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-02-13 19:26 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-02-13 19:26 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-02-13 19:26 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-02-13 19:26 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-02-13 19:26 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-02-13 19:26 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-02-13 19:26 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-18 20:15 . 2008-10-18 20:15 14391 ----a-w- c:\program files\Common Files\opyribu.sys
2008-10-18 20:15 . 2008-10-18 20:15 13450 ----a-w- c:\program files\Common Files\nebyg.bat
2008-10-13 04:02 . 2008-10-13 04:02 15307 ----a-w- c:\program files\Common Files\ganejum.bin
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-10 23:23 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 12:26 PM 82952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 12:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 12:26 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 12:26 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 12:26 PM 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 12:26 PM 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-20 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-20 16:44:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-20 23:44

Pre-Run: 110,372,380,672 bytes free
Post-Run: 110,892,453,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 52B007B13D31A68CBEF864736E701995

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista


Re: wuauclt.exe is infected

Post by Sneakyone on Wed 21 Jul 2010, 8:31 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\program files\Common Files\opyribu.sys
    c:\program files\Common Files\nebyg.bat
    c:\program files\Common Files\ganejum.bin

    Folder::
    c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg

    Reboot::


  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


=========

Please visit Virustotal


  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\ntoskrnl.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use Jotti


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
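Added example (not part of this thread, and not ComboFix's or the forum's own code): a short Python script that does by hand the cross-check behind the ntoskrnl.exe / VirusTotal request above. The file listing in the earlier ComboFix log shows, for the same version string 5.1.2600.5938, three different sizes and MD5s of ntkrnlpa.exe (the copy in system32, the one in Driver Cache\i386 and the one in $hf_mig$\KB979683\SP3QFE). The script parses listing lines of that shape, groups copies by file name and version, and reports any live copy sitting directly under system32 whose size/hash matches none of the backup copies with the same version. The sample lines are copied from the log above, plus two constructed control lines (ctrl_example.dll with an all-zero MD5) and one junk line to show that non-listing lines are skipped; the function and variable names are the script's own. One caveat a practitioner should keep in mind: a mismatch is a lead, not a verdict. XP installs uniprocessor or multiprocessor kernel builds (ntoskrnl.exe / ntkrnlmp.exe, ntkrnlpa.exe / ntkrpamp.exe) and GDR or QFE hotfix branches under the same version number, and those legitimately differ in size and hash, which is why the next step in the thread is a multi-engine scan of the live file rather than deleting it.

```python
"""Cross-check the kernel-image copies that ComboFix lists.

ComboFix file-listing lines have this shape (one file per line):
  [-] 2010-02-16 . <MD5> . <size> . . [<file version>] . . <path>
For every (file name, version) the script collects each copy's (size, MD5)
and reports a live copy (directly under system32) whose size/hash matches
none of the backup copies (dllcache, ServicePackFiles, Driver Cache,
$hf_mig$, ...) that carry the same version string.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Listing lines copied from the ComboFix log in this thread, plus two
# CONSTRUCTED control lines (ctrl_example.dll, all-zero MD5) and one junk
# line that is not a listing line at all.
SAMPLE = r"""
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2010-01-01 . 00000000000000000000000000000000 . 4096 . . [1.0.0.0] . . c:\windows\system32\dllcache\ctrl_example.dll
[-] 2010-01-01 . 00000000000000000000000000000000 . 4096 . . [1.0.0.0] . . c:\windows\system32\ctrl_example.dll
((((((((((( Other Deletions ))))))))))))
"""

# One listing line. The leading [x] marker is captured but not interpreted.
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2}) \. "
    r"(?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) \. \. "
    r"\[(?P<version>[^\]]+)\] \. \. (?P<path>\S.*?)\s*$"
)


def parse_listing(text):
    """Parse well-formed listing lines into dicts; everything else is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()
        e["name"] = PureWindowsPath(e["path"]).name
        entries.append(e)
    return entries


def is_live_copy(path):
    """The copy Windows actually loads sits directly under system32; anything
    deeper (dllcache) or elsewhere (ServicePackFiles, $hf_mig$) is a backup."""
    parts = PureWindowsPath(path).parts
    return len(parts) >= 2 and parts[-2].lower() == "system32"


def find_mismatches(entries):
    """One finding per live copy whose (size, MD5) matches no backup copy
    of the same file name and version string."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"])].append(e)
    findings = []
    for (name, version), copies in sorted(groups.items()):
        backups = [c for c in copies if not is_live_copy(c["path"])]
        known = {(b["size"], b["md5"]) for b in backups}
        for c in copies:
            if is_live_copy(c["path"]) and (c["size"], c["md5"]) not in known:
                findings.append({
                    "name": name, "version": version, "path": c["path"],
                    "size": c["size"], "md5": c["md5"],
                    "backup_sizes": sorted({b["size"] for b in backups}),
                    "backup_md5s": sorted({b["md5"] for b in backups}),
                })
    return findings


def format_report(findings):
    """Human-readable report, one line per finding."""
    lines = []
    for f in findings:
        lines.append(
            f"{f['path']} [{f['version']}] size={f['size']} md5={f['md5']} "
            f"matches none of {len(f['backup_md5s'])} backup copies "
            f"(backup sizes: {', '.join(map(str, f['backup_sizes']))})"
        )
    return lines


if __name__ == "__main__":
    for line in format_report(find_mismatches(parse_listing(SAMPLE))):
        print(line)
```

To run it against a real report, read the saved C:\ComboFix.txt into a string and pass that to parse_listing instead of SAMPLE; each flagged copy is printed with the backup sizes it was compared against, which is the information worth carrying into the VirusTotal / Jotti step.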


Re: wuauclt.exe is infected

Post by mjomisko on Wed 21 Jul 2010, 9:24 am

ComboFix 10-07-20.01 - Compaq_Administrator 07/20/2010 17:46:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.559 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFscript.txt

FILE ::
"c:\program files\Common Files\ganejum.bin"
"c:\program files\Common Files\nebyg.bat"
"c:\program files\Common Files\opyribu.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\otoctrqmg
c:\program files\Common Files\ganejum.bin
c:\program files\Common Files\nebyg.bat
c:\program files\Common Files\opyribu.sys

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 23:23 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-20 23:24 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-s---w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet
2010-06-21 23:10 . 2010-06-25 04:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 23:26 . 2006-05-05 10:07 148672 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-15 18:10 . 2010-07-06 18:04 48056 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-11 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:20 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-02-13 19:26 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-02-13 19:26 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-02-13 19:26 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-02-13 19:26 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-02-13 19:26 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-02-13 19:26 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-02-13 19:26 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-02-13 19:26 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-02-13 19:26 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-10 23:23 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 12:26 PM 82952]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 12:26 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 12:26 PM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 12:26 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 12:26 PM 55456]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 12:26 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 12:26 PM 83496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-20 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-20 18:20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 01:20
ComboFix2.txt 2010-07-20 23:44

Pre-Run: 110,901,092,352 bytes free
Post-Run: 110,878,707,712 bytes free

- - End Of File - - A5ECA361E22C782F742FB7B3F63051A5

mjomisko
Rookie Surfer
Posts : 53
Joined : 2010-07-09
Operating System : vista
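A triage pass over the sections of the ComboFix log above, added here as an illustration; it is not part of the original post and not ComboFix code. It parses the firewall AuthorizedApplications and GloballyOpenPorts lists, the "DLLs Loaded Under Running Processes" block and the "Other Running Processes" list, then flags any module or process whose path is in a Temp/AppData-style directory or the drive root, and any port the XP firewall opens to every inbound peer. The embedded sample is a trimmed copy of lines from this log; the regular expressions and the list of "suspicious" directories are this example's own assumptions, not anything ComboFix defines.

```python
"""Triage of ComboFix-style log sections: flag binaries loading or running from
user-writable locations and list firewall holes.  Added example; not part of
the original post and not ComboFix code.  Section names and line formats
follow the log above; the regexes and the "suspicious directory" list are
this example's own assumptions."""
import re
import sys

# Constructed sample: a trimmed copy of lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
"""

SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")       # ---- Section Name ----
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")     # - - - > 'proc.exe'(pid)
REGKEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...]
PATH_RE = re.compile(r"^[a-z]:\\.+\.(?:exe|dll|sys)$", re.IGNORECASE)
# Locations a system binary or an injected module should not normally come from.
# ComboFix prints 8.3 short names (LOCALS~1\Temp), so match on the Temp element itself.
SUSPICIOUS_DIRS = re.compile(
    r"\\(?:temp|tmp|application data|appdata|local settings|recycler)\\"
    r"|^[a-z]:\\[^\\]+$",        # file sitting directly in the drive root
    re.IGNORECASE,
)


def parse_log(text):
    """Collect loaded modules per process, running processes and firewall lists."""
    out = {"modules": [], "processes": [], "fw_apps": [], "fw_ports": []}
    section = reg_key = proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := SECTION_RE.match(line)):
            section, reg_key, proc = m.group(1), None, None
        elif (m := REGKEY_RE.match(line)):
            reg_key, section = m.group(1), None
        elif (m := PROC_RE.match(line)):
            proc = (m.group(1), int(m.group(2)))
        elif reg_key and line.startswith('"'):
            # REGEDIT4 exports escape backslashes; undo that for the value name.
            name = line.split('"')[1].replace("\\\\", "\\")
            if reg_key.endswith("AuthorizedApplications\\List"):
                out["fw_apps"].append(name)
            elif reg_key.endswith("GloballyOpenPorts\\List"):
                out["fw_ports"].append(name)
        elif section == "DLLs Loaded Under Running Processes" and proc and PATH_RE.match(line):
            out["modules"].append((proc[0], proc[1], line))
        elif section == "Other Running Processes" and PATH_RE.match(line):
            out["processes"].append(line)
    return out


def flag_suspicious(parsed):
    """Return human-readable findings that deserve a second look."""
    findings = []
    for proc, pid, path in parsed["modules"]:
        if SUSPICIOUS_DIRS.search(path):
            findings.append(f"module from user-writable path loaded in {proc}({pid}): {path}")
    for path in parsed["processes"]:
        if SUSPICIOUS_DIRS.search(path):
            findings.append(f"process running from user-writable path: {path}")
    for app in parsed["fw_apps"]:
        if SUSPICIOUS_DIRS.search(app):
            findings.append(f"firewall exception for binary in user-writable path: {app}")
    for port in parsed["fw_ports"]:
        findings.append(f"firewall: inbound port open to every peer: {port}")
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for item in flag_suspicious(parse_log(text)):
        print(item)
```

Run as `python triage.py ComboFix.txt` against a saved log (Python 3.8 or later). On the sample it reports two items: IadHide5.dll mapped into explorer.exe from a Temp directory, which is the same file this log's "Other Deletions" section removed and the second ComboFix run later in the thread deletes again, so something is re-dropping it; and TCP 3389, the Remote Desktop port, opened in the XP firewall's standard profile.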

Re: wuauclt.exe is infected

Post by Sneakyone on Wed 21 Jul 2010, 9:59 am

Hi,

Did you run this through Virustotal: c:\windows\system32\ntoskrnl.exe?

If so I need that report.


I'm livin' life in the fast lane.

Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: wuauclt.exe is infected

Post by mjomisko on Wed 21 Jul 2010, 10:17 am

Say what? Did you tell me somewhere how to do that?


Re: wuauclt.exe is infected

Post by Sneakyone on Wed 21 Jul 2010, 10:22 am

Hi,

Yes I did, you must have missed it.

Please visit Virustotal


  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\ntoskrnl.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

If VirusTotal is busy please use Jotti



Re: wuauclt.exe is infected

Post by mjomisko on Wed 21 Jul 2010, 10:48 am


File has already been analysed:
MD5: 048db3459fab4ca741dcc84e1f374d65
First received: 2010.04.15 13:06:13 UTC
Date: 2010.06.24 16:32:08 UTC [>26D]
Results: 0/40
Permalink: analisis/1c6a1663a3c7119a02df9fc4ea2ef80a8bf92f6cae05b9df1822af2b7a22e48d-1277397128

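The hash check behind the VirusTotal step requested above and the result just posted, as an added example; this is not code from the thread, from ComboFix or from VirusTotal. VirusTotal indexes reports by file hash, and the "File has already been analysed" answer is a cached verdict for a file with MD5 048db3459fab4ca741dcc84e1f374d65, dated 2010.06.24, not a fresh scan of the upload. The first thing to confirm is therefore that this MD5 is the hash of the bytes actually on disk: the Sigcheck lines embedded below are copied from the ComboFix log earlier in the thread, and c:\windows\system32\ntoskrnl.exe carries exactly that MD5 there, so the report does describe the installed kernel. The helper functions, the file-name/version matching and the command-line handling are this example's own assumptions.

```python
"""Check a file against a VirusTotal report by hash, and against the other
copies of the same binary that a ComboFix Sigcheck section lists.  Added
example; not code from this thread, ComboFix or VirusTotal.  The sample lines
are copied from the log above; VT_REPORTED_MD5 is the MD5 in the poster's
VirusTotal result."""
import hashlib
import re
import sys

# Constructed sample: four of the ntoskrnl.exe Sigcheck lines from the ComboFix log.
SIGCHECK_SAMPLE = r"""
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
"""
VT_REPORTED_MD5 = "048db3459fab4ca741dcc84e1f374d65"

# [flag] date . MD5 . size . . [version] . . path
ENTRY_RE = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\d{4}-\d\d-\d\d)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$"
)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; MD5s are normalised to lowercase."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].lower()
            e["size"] = int(e["size"])
            entries.append(e)
    return entries


def hash_bytes(data):
    """MD5 and SHA-256 of an in-memory buffer (VirusTotal keys reports on both)."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def hash_file(path, chunk=1 << 20):
    """Streaming MD5 and SHA-256 of a file on disk."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def find_by_md5(entries, md5):
    return [e for e in entries if e["md5"] == md5.lower()]


def siblings(entries, entry):
    """Other copies of the same file name and version.  Different bytes here are
    not proof of tampering: the GDR and QFE branches of one hotfix, and the
    uniprocessor and multiprocessor kernel builds, share a version number."""
    name = entry["path"].rsplit("\\", 1)[-1].lower()
    return [e for e in entries if e is not entry
            and e["version"] == entry["version"]
            and e["path"].rsplit("\\", 1)[-1].lower() == name]


def check_report(entries, reported_md5):
    """Paths in the Sigcheck table whose MD5 equals the one in a VT report, each
    with the same-version copies whose hash differs."""
    result = []
    for e in find_by_md5(entries, reported_md5):
        differing = [s["path"] for s in siblings(entries, e) if s["md5"] != e["md5"]]
        result.append((e["path"], e["flag"], differing))
    return result


if __name__ == "__main__":
    entries = parse_sigcheck(SIGCHECK_SAMPLE)
    for path, flag, differing in check_report(entries, VT_REPORTED_MD5):
        print(f"VT report covers {path} (ComboFix flag [{flag}])")
        for other in differing:
            print(f"  same version, different bytes: {other}")
    if len(sys.argv) > 1:
        md5, sha = hash_file(sys.argv[1])
        print(f"{sys.argv[1]}: md5={md5} sha256={sha}")
        print("matches VT report" if md5 == VT_REPORTED_MD5 else "does NOT match VT report")
```

`python hashcheck.py c:\windows\system32\ntoskrnl.exe` hashes the live file and states whether it is the file the VT report describes; on the sample it also shows that the Driver Cache copy of the same 5.1.2600.5938 kernel has different bytes, which the siblings() comment explains is not by itself suspicious. A cached 0/40 only says that no engine flagged that exact file on the report's date; for a current verdict, re-submit the file (VirusTotal offers a reanalysis when it reports a file as already analysed) and quote the SHA-256 alongside the MD5, since MD5 collisions are practical to construct.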

Re: wuauclt.exe is infected

Post by Sneakyone on Wed 21 Jul 2010, 1:17 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: wuauclt.exe is infected

Post by mjomisko on Thu 22 Jul 2010, 1:52 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4335

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2010 10:51:22 AM
mbam-log-2010-07-21 (10-51-22).txt

Scan type: Quick scan
Objects scanned: 208561
Time elapsed: 19 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\sytucy.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Re: wuauclt.exe is infected

Post by Sneakyone on Thu 22 Jul 2010, 4:48 am

Hi,

Could you please run ComboFix again and post the log here.



Re: wuauclt.exe is infected

Post by mjomisko on Thu 22 Jul 2010, 9:13 am

ComboFix 10-07-21.01 - Compaq_Administrator 07/21/2010 17:44:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.592 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:27 . 2010-06-30 20:44 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-22 17:27 . 2010-06-28 00:12 -------- d-----w- c:\program files\WTouch
2010-06-22 17:24 . 2010-06-28 00:11 -------- d-----w- c:\program files\Tablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 00:09 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-22 00:05 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 00:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-21 23:49 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-21 03:13 . 2010-07-06 18:04 148672 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-09-26 00:52 . 2006-09-26 00:52 50736 c:\program files\Common Files\AOL\1158511488\EE\bak\AOLSoftware.exe

2006-10-23 12:50 . 2006-10-23 12:50 71216 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe

2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-03-11 20:04 . 2007-03-11 20:04 208946 c:\program files\IncrediMail\bin\bak\IncMail.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-08-03 02:18 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2006-05-10 16:32 . 2006-05-10 16:32 69632 c:\program files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2004-08-10 03:04 . 2005-09-29 21:01 67584 c:\windows\ehome\bak\ehtray.exe
2004-08-10 10:04 . 2005-09-30 04:01 67584 c:\windows\ehome\ehtray.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-21 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-21 18:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-22 01:11
ComboFix2.txt 2010-07-21 01:20
ComboFix3.txt 2010-07-20 23:44

Pre-Run: 114,363,400,192 bytes free
Post-Run: 114,388,627,456 bytes free

- - End Of File - - 41688340D15CD92EB41B17951D597807

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista



Re: wuauclt.exe is infected

Post by Sneakyone on Thu 22 Jul 2010, 10:45 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    AWF::
    c:\program files\Common Files\AOL\1158511488\EE\bak\AOLSoftware.exe
    c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\IncrediMail\bin\bak\IncMail.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
    c:\program files\Nova Development\Photo Explosion Deluxe 3.0\bak\calcheck.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\ehome\bak\ehtray.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

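Every entry in the AWF:: section of Sneakyone's CFScript is an executable sitting in a bak subfolder, directly beneath a folder that holds a file of the same name: the original startup program was moved into bak\ and something else now occupies its path. The script below is an added example for readers who want to see how that layout can be checked on a tree of their own; it is not part of the post and not ComboFix code. It walks a directory, pairs each bak/<name>.exe with its sibling in the parent folder, hashes both, and classifies each pair as replaced (hashes differ), identical (a benign backup), or missing (the sibling is gone). The replaced entries are then rendered in the same AWF:: shape as the list in the post. The directory tree, file names and file contents are constructed for the demonstration; the comparison only reports that an original was swapped out and leaves judging the replacement to the analyst.

```python
"""Find executables shadowed by a same-named copy in a 'bak' subfolder.

Added example; not ComboFix code.  Everything under SAMPLE_TREE is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def md5sum(path):
    """MD5 of a file, read in chunks so large executables are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shadowed_executables(root):
    """Walk `root`; for every <dir>/bak/<name>.exe compare it with <dir>/<name>.exe.

    Each finding carries a 'status':
      'replaced'  - sibling exists but its hash differs (the layout the AWF:: list shows)
      'identical' - sibling exists with the same hash (an ordinary backup copy)
      'missing'   - the bak copy has no sibling at all
    """
    findings = []
    for bak_dir in Path(root).rglob("bak"):
        if not bak_dir.is_dir():
            continue
        for backup in bak_dir.iterdir():
            # Windows paths are case-insensitive, so accept .exe in any case.
            if not backup.is_file() or backup.suffix.lower() != ".exe":
                continue
            current = bak_dir.parent / backup.name
            finding = {"backup": str(backup), "current": str(current)}
            if not current.is_file():
                finding["status"] = "missing"
            elif md5sum(current) == md5sum(backup):
                finding["status"] = "identical"
            else:
                finding["status"] = "replaced"
                finding["current_md5"] = md5sum(current)
                finding["backup_md5"] = md5sum(backup)
            findings.append(finding)
    return sorted(findings, key=lambda f: f["backup"])


def awf_script_lines(findings):
    """Render the 'replaced' findings as an AWF:: section, one bak path per line,
    in the same shape as the CFScript in the post."""
    lines = ["AWF::"]
    lines.extend(f["backup"] for f in findings if f["status"] == "replaced")
    return lines


# Constructed fixture covering the three situations the scanner distinguishes.
SAMPLE_TREE = {
    "Program Files/QuickTime/QTTask.exe": b"MZ\x90 file now occupying the original path (constructed)",
    "Program Files/QuickTime/bak/QTTask.exe": b"MZ\x90 original QuickTime task helper (constructed)",
    "Program Files/Java/jre1.6.0_02/bin/jusched.exe": b"MZ\x90 java update scheduler (constructed)",
    "Program Files/Java/jre1.6.0_02/bin/bak/jusched.exe": b"MZ\x90 java update scheduler (constructed)",
    "WINDOWS/SMINST/bak/RECGUARD.EXE": b"MZ\x90 recovery guard whose sibling is gone (constructed)",
    "WINDOWS/SMINST/bak/notes.txt": b"not an executable; must be ignored",
}


def build_sample_tree(base):
    """Materialise SAMPLE_TREE under `base`."""
    for relative, content in SAMPLE_TREE.items():
        target = Path(base) / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def run_demo():
    """Build the fixture in a temp dir, scan it, and return (statuses, script_lines).

    Script paths are made relative to the temp dir (POSIX form) so they are stable.
    """
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        findings = find_shadowed_executables(base)
        statuses = {Path(f["backup"]).name: f["status"] for f in findings}
        script = [
            line if line == "AWF::" else Path(os.path.relpath(line, base)).as_posix()
            for line in awf_script_lines(findings)
        ]
    return statuses, script


if __name__ == "__main__":
    statuses, script = run_demo()
    for name, status in statuses.items():
        print(f"{status:9} {name}")
    print("\n".join(script))
```

Run against a real tree, point `find_shadowed_executables` at the drive root and treat every 'replaced' pair as an item to investigate; the hashes in the finding can be compared against a known-good copy or vendor signature before anything is restored.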

Re: wuauclt.exe is infected

Post by mjomisko on Fri 23 Jul 2010, 11:49 am

ComboFix 10-07-22.01 - Compaq_Administrator 07/22/2010 15:54:52.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.577 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-06 17:57 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-27 23:34 . 2010-06-27 23:34 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda3D
2010-06-26 00:43 . 2010-06-26 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-24 23:28 . 2010-06-24 23:57 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-24 12:26 . 2010-07-05 18:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:42 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-22 19:20 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-11 03:26 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-27 01:12 . 2010-05-27 01:12 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-05-27 00:54 . 2010-05-27 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 00:54 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-05-27 00:53 . 2007-12-26 01:22 -------- d-----w- c:\program files\iPod
2010-05-27 00:48 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:44 . 2010-05-27 00:44 -------- d-----w- c:\program files\Bonjour
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S2 0128751279826439mcinstcleanup;McAfee Application Installer Cleanup (0128751279826439);c:\windows\TEMP\012875~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012875~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0128751279826439MCINSTCLEANUP
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride =
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-22 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-22 20:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 03:39
ComboFix2.txt 2010-07-22 01:11
ComboFix3.txt 2010-07-21 01:20
ComboFix4.txt 2010-07-20 23:44

Pre-Run: 113,398,984,704 bytes free
Post-Run: 113,384,787,968 bytes free

- - End Of File - - A2F5367C81D9D4666FA357D52BAF0C04

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Fri 23 Jul 2010, 3:50 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    Killall::

    File::
    c:\windows\Tasks\RegCure.job
    c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll

    Folder::
    c:\program files\RegCure

    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride =

    Firefox::
    FF - ProfilePath - c:\documents and settings\Elani's\Application Data\Mozilla\Firefox\Profiles\huhwsdtm.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 5577
    FF - prefs.js: network.proxy.type - 4

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.

  5. Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  6. When finished, it shall produce a log for you at C:\ComboFix.txt.
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Re: wuauclt.exe is infected

Post by mjomisko on Wed 28 Jul 2010, 11:23 am

ComboFix 10-07-26.04 - Compaq_Administrator 07/27/2010 18:40:58.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.392 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll"
"c:\windows\Tasks\RegCure.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Elani's\LOCALS~1\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-24 20:04 . 2010-07-24 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-24 16:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 21:55 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-24 19:58 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 10:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-05 18:25 . 2010-06-24 12:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-26 15:42 . 2010-06-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-24 23:57 . 2010-06-24 23:28 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-27 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-27 20:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-27 20:20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-28 03:20
ComboFix2.txt 2010-07-24 19:46
ComboFix3.txt 2010-07-23 03:40
ComboFix4.txt 2010-07-22 01:11
ComboFix5.txt 2010-07-24 19:50

Pre-Run: 113,350,451,200 bytes free
Post-Run: 113,347,366,912 bytes free

- - End Of File - - 244713D38100EF07080A458E3D33BD97

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Wed 28 Jul 2010, 3:26 pm

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Killall::

    File::
    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    c:\program files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    c:\program files\HP\HP Software Update\hpwuSchd2.exe
    c:\program files\iTunes\iTunesHelper.exe
    c:\program files\QuickTime\QTTask.exe
    c:\windows\SMINST\Recguard.exe
    c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll

    AWF::
    c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
    c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
    c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
    c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
    c:\program files\iTunes\bak\iTunesHelper.exe
    c:\program files\QuickTime\bak\QTTask.exe
    c:\windows\SMINST\bak\RECGUARD.EXE

    MBR::

    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone
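The File:: and AWF:: lists in the script above are read off the AWF section of the ComboFix log posted earlier in the thread: the live executable goes under File:: and its copy under a bak folder goes under AWF::. The following Python script is an added example (it is not ComboFix code and not Sneakyone's) that parses that section and rebuilds the two lists, so the pairing can be checked before the script is run. It assumes the layout visible in the log: each pair is two lines separated by a blank line, with the bak copy listed first; the function names (parse_awf, build_cfscript, size_mismatches) are the example's own. The IadHide5.dll line in the post came from the "DLLs Loaded Under Running Processes" section, not from AWF, so it is passed in by hand.

```python
"""Rebuild a CFScript's File::/AWF:: lists from a ComboFix AWF report section.

Added example for this thread; not part of ComboFix and not the poster's code.
Assumed layout (as seen in the posted log): two lines per pair, blank line
between pairs, the copy under a \\bak\\ folder listed before the live file.
"""
import re
from typing import Dict, List, Tuple

Entry = Dict[str, object]

# AWF section copied from the ComboFix log posted in the thread.
AWF_SECTION = r"""
2004-07-27 23:50 . 2006-05-16 12:58 213936 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-07-28 06:50 . 2004-07-28 06:50 221184 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2006-05-05 03:07 . 2006-05-05 03:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-05-05 10:07 . 2006-05-05 10:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-02-15 22:34 . 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-19 07:41 . 2006-02-19 07:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2007-07-10 13:18 . 2007-07-10 13:18 270648 c:\program files\iTunes\bak\iTunesHelper.exe
2010-04-28 19:06 . 2010-04-28 19:06 142120 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2006-05-05 03:20 . 2005-07-22 22:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-05-05 10:20 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe
"""

# "<created> . <modified> <size> <path>" as printed in the AWF section.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<path>\S.*)$"
)


def _as_pair(group: List[Entry]) -> Tuple[Entry, Entry]:
    """Validate one two-line group and return it ordered as (bak copy, live file)."""
    if len(group) != 2:
        raise ValueError(f"expected 2 lines per AWF pair, got {len(group)}")
    is_bak = [bool(re.search(r"\\bak\\", str(e["path"]), re.I)) for e in group]
    if is_bak.count(True) != 1:
        raise ValueError("each AWF pair must contain exactly one \\bak\\ copy")
    bak, live = group if is_bak[0] else group[::-1]
    # The two entries must refer to the same file name (case differs in the log).
    names = {str(e["path"]).rsplit("\\", 1)[-1].lower() for e in (bak, live)}
    if len(names) != 1:
        raise ValueError(f"file names do not match within pair: {names}")
    return bak, live


def parse_awf(text: str) -> List[Tuple[Entry, Entry]]:
    """Return (bak_copy, live_file) pairs from an AWF report section."""
    pairs: List[Tuple[Entry, Entry]] = []
    group: List[Entry] = []
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last pair
        line = raw.strip()
        if not line:
            if group:
                pairs.append(_as_pair(group))
                group = []
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised AWF line: {line!r}")
        entry: Entry = dict(m.groupdict())
        entry["size"] = int(m.group("size"))
        group.append(entry)
    return pairs


def build_cfscript(pairs: List[Tuple[Entry, Entry]], extra_files=()) -> str:
    """Render the sections in the layout used in the post: live files under
    File::, bak copies under AWF::, plus any extra File:: entries given."""
    lines = ["Killall::", "", "File::"]
    lines += [str(live["path"]) for _, live in pairs]
    lines += list(extra_files)
    lines += ["", "AWF::"]
    lines += [str(bak["path"]) for bak, _ in pairs]
    lines += ["", "MBR::", "", "Reboot::"]
    return "\n".join(lines) + "\n"


def size_mismatches(pairs: List[Tuple[Entry, Entry]]) -> List[Tuple[str, int, int]]:
    """(live path, bak size, live size) for pairs whose two copies differ in
    size; a cue for which replacements an analyst should look at first."""
    return [(str(live["path"]), int(bak["size"]), int(live["size"]))
            for bak, live in pairs if bak["size"] != live["size"]]


if __name__ == "__main__":
    found = parse_awf(AWF_SECTION)
    print(build_cfscript(found, extra_files=[
        r"c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll"]))
    for path, bak_size, live_size in size_mismatches(found):
        print(f"size differs: {path} (bak {bak_size}, live {live_size})")
```

Running it prints a script identical to the one in the post, and lists the three pairs (ISUSPM.exe, iTunesHelper.exe, QTTask.exe) whose live file and bak copy differ in size; for the other four the sizes are equal, so size alone does not tell the two copies apart and the paths have to be compared.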

Re: wuauclt.exe is infected

Post by mjomisko on Sat 31 Jul 2010, 12:17 am

ComboFix 10-07-29.02 - Compaq_Administrator 07/30/2010 8:48.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.551 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll"
"c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
"c:\program files\Common Files\Real\Update_OB\realsched.exe"
"c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
"c:\program files\HP\HP Software Update\hpwuSchd2.exe"
"c:\program files\iTunes\iTunesHelper.exe"
"c:\program files\QuickTime\QTTask.exe"
"c:\windows\SMINST\Recguard.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1.001\LOCALS~1\Temp\IadHide5.dll
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\QuickTime\QTTask.exe
c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-24 20:04 . 2010-07-24 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-22 19:39 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-22 19:39 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-22 19:35 . 2010-07-22 19:35 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Malwarebytes
2010-07-22 01:16 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-22 01:16 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-22 00:09 . 2010-07-22 00:09 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\McAfee
2010-07-21 22:16 . 2010-07-22 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-21 22:00 . 2010-07-21 22:00 -------- d-----w- C:\mfe
2010-07-21 21:51 . 2010-07-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\program files\Citrix
2010-07-21 21:45 . 2010-07-21 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Citrix
2010-07-21 17:29 . 2010-07-21 17:29 -------- d-----w- c:\documents and settings\Elani's\Application Data\Malwarebytes
2010-07-21 17:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 17:28 . 2010-07-21 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 00:13 . 2010-07-18 00:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\scripting
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\en
2010-07-15 20:50 . 2010-07-15 20:50 -------- d-----w- c:\windows\system32\bits
2010-07-15 19:00 . 2006-04-10 21:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-07-15 19:00 . 2006-01-04 09:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-07-15 19:00 . 2006-04-10 21:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2010-07-15 18:27 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-07-15 18:22 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-07-14 01:04 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:58 . 2010-07-13 17:58 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Identities
2010-07-11 02:12 . 2010-07-11 01:58 4560 ---ha-w- c:\temp\t4.bak2
2010-07-11 02:00 . 2010-07-11 02:00 -------- d-----w- c:\documents and settings\Elani's\Application Data\MSNInstaller
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\CyberLink
2010-07-11 00:40 . 2010-07-11 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\DVDPlay
2010-07-10 23:58 . 2010-07-10 23:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Microsoft Help
2010-07-10 23:50 . 2004-08-04 02:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-10 22:20 . 2010-07-10 22:20 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Identities
2010-07-10 21:13 . 2010-07-10 21:13 -------- d-----w- C:\_OTL
2010-07-10 20:11 . 2010-07-10 20:11 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\NCH Swift Sound
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\IsolatedStorage
2010-07-10 19:58 . 2010-07-10 19:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\HP
2010-07-09 16:35 . 2010-07-09 16:35 -------- d-----w- c:\documents and settings\Elani's\Local Settings\Application Data\Mozilla
2010-07-09 03:36 . 2010-07-09 03:36 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Mozilla
2010-07-09 03:10 . 2010-07-09 03:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-08 23:53 . 2010-07-08 23:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-08 23:49 . 2010-07-08 23:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IECompatCache
2010-07-08 14:42 . 2010-07-08 14:42 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\PrivacIE
2010-07-08 14:41 . 2010-07-08 14:41 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\IETldCache
2010-07-08 12:13 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-08 12:12 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-08 12:11 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-07-08 12:11 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-07-08 12:11 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-08 12:09 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-08 12:09 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-08 12:07 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2010-07-08 12:07 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-07-08 12:06 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-08 12:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-07-08 12:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-07-08 12:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-08 12:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-07-08 12:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-07-08 12:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-08 12:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-07-08 12:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-07-08 12:06 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-08 12:06 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-08 12:06 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-08 12:01 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-07-08 11:57 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-08 11:53 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-08 11:51 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-07-08 11:51 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-08 11:42 . 2010-07-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\IECompatCache
2010-07-06 20:43 . 2010-07-06 20:43 -------- d-sh--w- c:\documents and settings\Elani's\PrivacIE
2010-07-06 20:39 . 2010-07-06 20:39 -------- d-sh--w- c:\documents and settings\Elani's\IETldCache
2010-07-06 20:19 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-06 20:19 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-06 20:19 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-06 20:19 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-06 20:19 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-06 20:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 20:19 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-06 20:10 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-06 20:08 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-07-06 20:08 . 2008-10-23 12:36 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2010-07-06 19:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-06 19:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-06 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-06 19:03 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-06 18:14 . 2010-07-21 01:27 -------- d-sh--r- c:\windows\system32\dllcache
2010-07-06 18:06 . 2010-07-06 18:06 -------- d-s---w- c:\documents and settings\Elani's\UserData
2010-07-06 17:58 . 2010-07-06 17:58 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\AdobeUM
2010-07-06 17:57 . 2010-07-06 17:57 -------- d-sh--w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\UserData
2010-07-06 16:41 . 2010-07-24 16:02 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\Adobe
2010-07-06 16:17 . 2010-02-16 14:08 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-06 16:13 . 2008-11-14 23:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPQ
2010-07-06 16:13 . 2008-11-14 23:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HP
2010-07-06 16:13 . 2006-05-05 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-07-06 16:13 . 2006-05-05 10:20 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-07-06 15:00 . 2010-07-06 15:00 -------- d-----w- C:\found.002
2010-07-04 17:55 . 2010-07-06 00:40 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\WTouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 16:03 . 2007-07-13 17:47 -------- d-----w- c:\program files\QuickTime
2010-07-30 16:03 . 2007-07-13 17:54 -------- d-----w- c:\program files\iTunes
2010-07-24 21:55 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee
2010-07-24 19:58 . 2009-12-14 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 10:03 . 2009-09-13 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-22 22:58 . 2006-05-05 10:07 148280 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 22:57 . 2010-07-06 18:04 148280 ----a-w- c:\documents and settings\Elani's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 19:38 . 2006-05-05 10:17 -------- d-----w- c:\program files\Microsoft Works
2010-07-21 22:43 . 2009-01-17 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-07-21 22:34 . 2010-07-21 22:33 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-21 22:33 . 2010-07-21 22:33 -------- d-----w- c:\program files\McAfee.com
2010-07-15 20:53 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-15 20:53 . 2010-07-15 20:53 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-07-15 20:53 . 2010-07-15 20:53 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-07-15 20:53 . 2010-07-15 20:53 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-07-15 20:53 . 2010-07-15 20:53 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-07-15 20:53 . 2010-07-15 20:53 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-07-15 20:53 . 2010-07-15 20:53 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-07-15 20:53 . 2010-07-15 20:53 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-07-15 20:53 . 2010-07-15 20:53 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-10 22:00 . 2006-05-05 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-10 20:58 . 2006-05-05 09:45 -------- d-----w- c:\program files\Java
2010-07-10 20:57 . 2006-05-05 10:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 20:06 . 2006-05-05 10:10 -------- d-----w- c:\program files\WildTangent
2010-07-10 20:05 . 2006-05-05 10:09 -------- d-----w- c:\program files\Sonic
2010-07-10 20:02 . 2006-05-05 09:40 -------- d-----w- c:\program files\GemMaster
2010-07-10 19:58 . 2010-07-06 16:15 163 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Application Data\fusioncache.dat
2010-07-06 20:05 . 2006-05-05 10:36 -------- d-----w- c:\program files\Norton Internet Security
2010-07-06 16:22 . 2010-07-06 16:22 1871 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_Qcnx622_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.4_#060914_N_Z11C10620_G10DE0241.MRK
2010-07-05 18:25 . 2010-06-24 12:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-07-04 14:24 . 2010-04-19 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-04 14:24 . 2006-10-07 01:26 -------- d-----w- c:\program files\Yahoo!
2010-07-02 21:05 . 2010-04-14 19:26 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\gtk-2.0
2010-06-30 20:44 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTablet
2010-06-28 18:59 . 2010-02-13 02:07 69040 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-28 00:12 . 2010-06-22 17:27 -------- d-----w- c:\program files\WTouch
2010-06-28 00:12 . 2010-06-28 00:12 -------- d-----w- c:\program files\TabletPlugins
2010-06-28 00:11 . 2010-06-22 17:24 -------- d-----w- c:\program files\Tablet
2010-06-26 15:42 . 2010-06-26 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-25 13:29 . 2010-05-18 21:13 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-25 13:28 . 2009-08-15 16:26 -------- d-----w- c:\program files\Electronic Arts
2010-06-25 13:19 . 2009-07-09 01:00 -------- d-----w- c:\program files\EA GAMES
2010-06-24 23:57 . 2010-06-24 23:28 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\GetRightToGo
2010-06-22 17:54 . 2010-06-22 17:54 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-06-22 17:43 . 2009-09-21 22:04 -------- d-----w- c:\program files\Corel
2010-06-22 17:27 . 2010-06-22 17:27 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\WTouch
2010-06-17 15:15 . 2010-06-17 15:15 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.000\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2010-03-12 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-17 15:15 . 2009-08-20 20:29 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-15 15:30 . 2010-02-13 02:07 148 ----a-w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 15:19 . 2010-03-21 17:30 -------- d-----w- c:\documents and settings\Elani.YOUR-4DACD0EA75.000\Application Data\Apple Computer
2010-06-03 01:00 . 2009-10-15 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-01 03:32 . 2010-07-21 22:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-07-21 22:33 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-07-21 22:33 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-06-01 03:32 . 2010-07-21 22:33 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-07-21 22:33 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-06-01 03:32 . 2010-07-21 22:33 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-07-21 22:33 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-07-21 22:33 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-07-21 22:33 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-07-21 22:33 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 10:41 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-01-21 00:53 . 2008-05-25 03:07 45056 ------r- c:\program files\SetAttrib.exe
2010-06-01 03:32 . 2010-07-21 22:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe
[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe
[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe
[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe
[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-01 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-5 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-5 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/21/2010 3:33 PM 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/21/2010 3:33 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/21/2010 3:33 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [7/21/2010 3:33 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/21/2010 3:33 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/21/2010 3:33 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/21/2010 3:33 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/21/2010 3:33 PM 83496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{3D7370D9-BB56-4205-ACA0-75F832ABBCC5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{82FFFFBC-33AC-4947-8AC4-3989044E9374}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Application Data\Mozilla\Firefox\Profiles\6u037g1x.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Recguard - c:\windows\SMINST\RECGUARD.EXE
HKLM-Run-HPBootOp - c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPwuSchd2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-30 09:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2175479376-3905921851-941298651-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-07-30 09:15:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 16:15
ComboFix2.txt 2010-07-28 03:20
ComboFix3.txt 2010-07-24 19:46
ComboFix4.txt 2010-07-23 03:40
ComboFix5.txt 2010-07-30 15:41

Pre-Run: 113,240,338,432 bytes free
Post-Run: 113,226,493,952 bytes free

- - End Of File - - 4D640DDA3A5D2AF718F590C4CB705BAA

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Sat 31 Jul 2010, 6:04 am

Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: wuauclt.exe is infected

Post by mjomisko on Sun 01 Aug 2010, 1:40 pm

When I open ESET it says:
IMPORTANT: Before installing ESET Smart Security 4 you must uninstall your existing antivirus solution.
Click here to access the list of uninstallers for common antivirus programs.

Do I need to uninstall McAfee before I run this scan or can I just deactivate it?

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Sun 01 Aug 2010, 2:56 pm

Nah, please do this instead.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: wuauclt.exe is infected

Post by mjomisko on Tue 10 Aug 2010, 10:56 am

I am having trouble doing this. First, when I click the Kaspersky website link there is a hand that has like a yellow "splat" on it with an exclamation point on it, so the link didn't work. I went to the Kaspersky website and found the Free Scan but nothing happens, so I'm downloading the 30-day trial. It doesn't seem right since I already have McAfee running, but I don't know what else to do. I have the pop-up blocker turned off.

mjomisko

Rookie Surfer

Posts : 53
Joined : 2010-07-09
Operating System : vista

Re: wuauclt.exe is infected

Post by Sneakyone on Tue 10 Aug 2010, 11:04 am

Hi.

Uninstall Kaspersky for now, as it will interfere with the scans.

Please run Panda ActiveScan online scan.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component, allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: wuauclt.exe is infected

Post by mjomisko on Tue 10 Aug 2010, 11:16 pm

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-08-10 08:15:48
    PROTECTIONS: 1
    MALWARE: 51
    SUSPECTS: 7
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee Anti-Virus and Anti-Spyware No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@trafficmp[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@atdmt[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@tradedoubler[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@tribalfusion[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@mediaplex[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@7search[1].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@7search[2].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[3].txt
    00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@7search[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@clickbank[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@clickbank[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@clickbank[1].txt
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@ccbill[1].txt
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@ccbill[1].txt
    00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00167637 Cookie/Socalcoeds TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@socalcoeds[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[3].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@com[5].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[3].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@com[2].txt
    00167650 Cookie/GangbangSquad TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@gangbangsquad[1].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@outster[3].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@outster[2].txt
    00167653 Cookie/Outster TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@outster[2].txt
    00167691 Cookie/ademails TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xiti[2].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@xiti[1].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@gostats[1].txt
    00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@gostats[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@azjmp[4].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[3].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@azjmp[2].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@azjmp[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[4].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[1].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@toplist[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@toplist[7].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@statcounter[2].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@counter.hitslink[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@counter.hitslink[1].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@counter.hitslink[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[4].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[6].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[10].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[5].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[7].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@apmebf[3].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@apmebf[8].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@burstnet[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@bs.serving-sys[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@[You must be registered and logged in to see this link.]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@[You must be registered and logged in to see this link.]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@weborama[1].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@stat.onestat[2].txt
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@stat.onestat[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@advertising[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani's\cookies\elani's@statse.webtrendslive[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@statse.webtrendslive[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.001\cookies\compaq_administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\administrator\cookies\administrator@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@statse.webtrendslive[2].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@statse.webtrendslive[3].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@statse.webtrendslive[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www5.addfreestats[2].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www5.addfreestats[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@www5.addfreestats[1].txt
    00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@www5.addfreestats[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xxxcounter[1].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@xxxcounter[3].txt
    00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@xxxcounter[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[3].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@go[2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@go[1].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@go[5].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[3].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@target[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@target[2].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@target[1].txt
    00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@did-it[1].txt
    00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www3.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@www6.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[1].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[2].txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@www6.addfreestats[3].txt
    00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@drivecleaner[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@citi.bridgetrack[2].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator.your-4dacd0ea75.000\cookies\compaq_administrator@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@citi.bridgetrack[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@citi.bridgetrack[3].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@citi.bridgetrack[2].txt
    00377802 Spyware/PeoplePC Spyware No 0 Yes No c:\program files\online services\peoplepc\isp5900\dll\ras.dll
    00447834 Adware/Lop Adware No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp17\a0010262.dll
    00450614 Adware/2Search Adware No 0 No No c:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe[ppctoolbar.dll]
    00530383 Cookie/DriveCleaner TrackingCookie No 0 Yes No c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go.drivecleaner[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@registrydefender[1].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@registrydefender[2].txt
    00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@registrydefender[2].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75.000\cookies\elani@enhance[2].txt
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\documents and settings\elani.your-4dacd0ea75\cookies\elani@enhance[1].txt
    03173354 Application/FunWeb HackTools No 0 Yes No c:\qoobox\quarantine\c\program files\mywebsearch\bar\1.bin\f3reprox.dll.vir
    03173354 Application/FunWeb HackTools No 0 Yes No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp32\a0021366.dll
    03983016 Generic Malware Virus/Trojan No 0 Yes No c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
    04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\9ce7168.msi[unk_0117]
    04338226 Generic Malware Virus/Trojan No 0 Yes No c:\windows\installer\1791b3a7.msi[unk_0117]
    06792792 Adware/SysinternalsAntivirus Adware No 0 Yes No c:\_otl\movedfiles\07102010_141333\c_\pb32.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\program files\avancepaint\effects\special gray.exe
    No c:\program files\avancepaint\effects\wave.exe
    No c:\program files\online services\msn90\pkgs\en\us\msncli.exe[c:\program files\online services\msn90\pkgs\en\us\msncli.exe][mailares.dll]
    No c:\qoobox\quarantine\c\program files\regcure\regcure.exe.vir
    No c:\qoobox\quarantine\c\program files\regcure\uninst.exe.vir
    No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp44\a0024743.exe
    No c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\rp44\a0024744.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    219822 HIGH MS10-021
    217842 HIGH MS10-015
    971486 HIGH MS09-058
    ;===================================================================================================================================================================================

    mjomisko

    Rookie Surfer

    Posts : 53
    Joined : 2010-07-09
    Operating System : vista

    View user profile

    Back to top Go down

    Re: wuauclt.exe is infected

    Post by Sneakyone on Wed 11 Aug 2010, 7:41 am

    Hi.

    Please run OTL.exe.

    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:

      :Files
      c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
      c:\windows\installer\9ce7168.msi
      c:\windows\installer\1791b3a7.msi

      :commands
      [emptytemp]
      [emptyflash]
      [resethosts]
      [reboot]

    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    I'm livin' life in the fast lane.


    Sneakyone

    Tech Officer

    Posts : 2707
    Joined : 2010-01-10
    Operating System : Windows 7 Ultimate 64-bit

    View user profile http://twitter.com/AVerySneakyone

    Back to top Go down

    Re: wuauclt.exe is infected

    Post by mjomisko on Sun 15 Aug 2010, 8:17 am

    All processes killed
    ========== FILES ==========
    c:\program files\compaq connections\5577497\program\Interop.SHDocVw.dll moved successfully.
    c:\windows\installer\9ce7168.msi moved successfully.
    c:\windows\installer\1791b3a7.msi moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Temp folder emptied: 104374929 bytes
    ->Temporary Internet Files folder emptied: 129029635 bytes
    ->Java cache emptied: 128234 bytes
    ->FireFox cache emptied: 42861330 bytes
    ->Flash cache emptied: 5251 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Elani
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Temp folder emptied: 23935944 bytes
    ->Temporary Internet Files folder emptied: 9229602 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 154843791 bytes
    ->Flash cache emptied: 76789 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65854 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pat
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 114688 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 443.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Compaq_Administrator

    User: Compaq_Administrator.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: Compaq_Administrator.YOUR-4DACD0EA75.001
    ->Flash cache emptied: 0 bytes

    User: Compaq_AdministratorYOUR-4DACD0EA75

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Elani
    ->Flash cache emptied: 0 bytes

    User: Elani's
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75
    ->Flash cache emptied: 0 bytes

    User: Elani.YOUR-4DACD0EA75.000
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: pat

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.9.0 log created on 08142010_170257

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Compaq_Administrator.YOUR-4DACD0EA75.001\Local Settings\Temp\Perflib_Perfdata_c24.dat not found!
    C:\Documents and Settings\Elani's\Local Settings\Temp\IadHide5.dll moved successfully.

    Registry entries deleted on Reboot...

    mjomisko

    Rookie Surfer

    Posts : 53
    Joined : 2010-07-09
    Operating System : vista

    View user profile

    Back to top Go down
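    As an added example (not code from this thread, from OTL or from its author), a small Python checker that reads a fix script in the form Sneakyone posted and the fix log OTL produced, then reports which :Files targets the log confirms as moved, which it reported not found, which are unaccounted for, and how many bytes [emptytemp] freed. The embedded script and log are constructed excerpts modelled on the ones in this thread, with one line changed to a "not found!" result so the failure case is exercised.

```python
import re

# Constructed sample input modelled on the OTL fix script and fix log shown in this thread.
FIX_SCRIPT = r""":Files
c:\program files\compaq connections\5577497\program\interop.shdocvw.dll
c:\windows\installer\9ce7168.msi
c:\windows\installer\1791b3a7.msi
:commands
[emptytemp]
"""
FIX_LOG = r"""========== FILES ==========
c:\program files\compaq connections\5577497\program\Interop.SHDocVw.dll moved successfully.
c:\windows\installer\9ce7168.msi moved successfully.
File\Folder c:\windows\installer\1791b3a7.msi not found!
========== COMMANDS ==========
[EMPTYTEMP]
User: Elani's
->Temp folder emptied: 23935944 bytes
->FireFox cache emptied: 154843791 bytes
"""

def script_files(script):
    # Paths under the :Files section, lower-cased (OTL echoes them back in mixed case).
    files, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            files.append(line.lower())
    return files

def parse_log(log):
    # Moved paths, not-found paths, and bytes emptied per user profile.
    moved, missing, freed, user = set(), set(), {}, None
    for line in log.splitlines():
        if m := re.match(r"^(.*) moved successfully\.$", line):
            moved.add(m.group(1).lower())
        elif m := re.match(r"^File\\Folder (.*) not found!$", line):
            missing.add(m.group(1).lower())
        elif m := re.match(r"^User: (.*)$", line):
            user = m.group(1)
        elif user and (m := re.match(r"^->.* emptied: (\d+) bytes$", line)):
            freed[user] = freed.get(user, 0) + int(m.group(1))
    return moved, missing, freed

def reconcile(script, log):
    # Which :Files targets the log confirms moved, which it did not find, and total bytes freed.
    moved, missing, freed = parse_log(log)
    targets = script_files(script)
    return {"moved": [t for t in targets if t in moved],
            "not_found": [t for t in targets if t in missing],
            "unaccounted": [t for t in targets if t not in moved | missing],
            "bytes_freed": sum(freed.values())}
```

    A target that lands in "unaccounted" means the log never mentioned it at all, which is the case worth re-running or asking about before declaring the fix complete.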
