Virus won't let me run Malwarebytes' AntiMalware OR Super Ant


This topic is locked

#1 jadi929 (Member, 79 posts)
Ok so I was referred here from another thread. Here's the problem: I have some sort of trojan on my PC which won't leave me alone.

Details:

I followed the malware removal guide until it said to install Malwarebytes' Anti-Malware. I installed it fine, but when I try to run it, I get a message saying:


"Windows cannot access the specified file, path or device. You may not have the appropriate permissions to access the item."

I also got this message when I tried to run SuperAntiSpyware.

It seems the virus modifies the registry to block the anti virus program f

I have a program called CCleaner. I scanned for anything wrong with the registry. Here's what it came up with:

Missing Startup Software C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce


Missing MUI Reference C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\is-TT01T.tmp\malware remover.tmp HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache


I delete those registry entries, but they seem to be created again. Either way, the program doesn't run.

NOTE: The program ran the first time, but as soon as I clicked "Quick Scan", it closed out automatically.


UPDATE: I ran RootRepeal for a log but it freezes whenever I click scan.

UPDATE2: Here is the log from OTL:

OTL logfile created on: 1/2/2008 4:08:27 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = H:\Virus Removal
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 477.59 Mb Available Physical Memory | 53.40% Memory free
2.30 Gb Paging File | 2.02 Gb Available in Paging File | 87.71% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 198.81 Gb Free Space | 88.64% Space Free | Partition Type: NTFS
Drive D: | 8.57 Gb Total Space | 0.58 Gb Free Space | 6.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.86 Gb Total Space | 1.74 Gb Free Space | 93.66% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: SHAIKHFAMILY
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/09/02 14:09:06 | 01,682,744 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2009/08/24 15:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/02 09:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/01/02 04:08:02 | 00,521,216 | ---- | M] (OldTimer Tools) -- H:\Virus Removal\OTL.exe
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2006/06/21 06:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/12/15 21:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/09 23:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/05/02 09:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/08/14 18:22:33 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2006/06/21 06:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/12/15 21:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2005/08/04 03:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2004/08/09 23:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/03 23:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/20 17:01:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/01/01 01:14:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 18:41:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/10/06 18:41:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/10/06 18:41:49 | 00,000,000 | ---D | M]

[2008/10/03 08:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions
[2008/10/03 08:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/20 17:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\idv4s0og.default\extensions
[2009/10/20 17:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\idv4s0og.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/08 18:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\idv4s0og.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/08 18:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\idv4s0og.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/05 18:50:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\idv4s0og.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/08 18:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\idv4s0og.default\extensions\[email protected]
[2008/10/03 08:39:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/10/03 08:39:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 15:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 15:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 15:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/06 18:41:49 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/24 13:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 13:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/18 10:44:56 | 00,002,273 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/24 13:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 13:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 13:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 13:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 13:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.DLL (Promise Technology, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198 0.0.0.0
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 23:02:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/06 18:43:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 17:30:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/10 17:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/05/10 17:29:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/16 10:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/10/20 16:19:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/16 13:59:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/07/28 11:14:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
[2009/06/26 17:23:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/10 15:06:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data
[2009/05/10 18:16:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
[2009/05/20 10:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
[2009/05/10 17:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer
[2009/06/23 12:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2009/06/23 13:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Broad Intelligence
[2009/05/20 14:50:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DiskAid
[2009/06/23 12:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DNA
[2009/10/18 15:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ECSoftware
[2009/07/13 13:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FixerLabs
[2009/09/23 19:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FreshDiagnose
[2009/10/16 11:37:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GARMIN
[2009/07/09 12:15:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HP
[2009/10/10 15:40:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HpUpdate
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
[2009/06/05 11:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2009/05/10 17:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
[2009/10/20 17:01:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
[2009/08/10 15:06:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
[2008/10/03 08:39:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
[2009/06/05 11:40:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sonic
[2009/05/16 14:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Symantec
[2009/05/16 11:33:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TuneAid
[2009/05/18 13:03:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\U3
[2009/10/17 12:49:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
[2009/05/19 14:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2009/10/16 11:33:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
[2009/08/10 15:06:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/05/12 19:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Adobe
[2009/05/10 17:29:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Apple
[2009/05/10 17:28:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Apple Computer
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory
[2009/06/23 12:06:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DNA
[2009/07/09 12:15:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\HP
[2009/05/12 19:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Identities
[2009/07/09 12:15:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\IsolatedStorage
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft
[2009/05/10 17:18:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Mozilla
[2009/08/10 15:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Wildtangent
[2009/06/26 17:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WinZip
[2009/06/29 18:37:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2009/05/22 15:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/10 17:28:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/20 17:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bcgsoft
[2009/05/10 17:47:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/05/10 17:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/06/06 16:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/05/16 10:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/05/16 10:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/23 12:06:16 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/05/10 17:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/16 11:46:17 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/05/16 11:33:25 | 00,000,000 | ---D | C] -- C:\Program Files\DigiDNA
[2009/06/23 12:06:16 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2008/01/02 01:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/13 13:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\FixerLabs
[2009/10/16 11:46:16 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
[2009/10/16 11:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2009/07/13 13:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Geniune Service
[2009/10/18 15:18:42 | 00,000,000 | ---D | C] -- C:\Program Files\HexEdit
[2009/07/21 14:51:25 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/10 17:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/20 15:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2009/08/11 14:00:18 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/10/03 07:50:09 | 00,000,000 | ---D | C] -- C:\Program Files\LibUSB-Win32
[2008/01/02 01:04:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/06 16:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/06/23 13:54:30 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder iPod Edition
[2009/05/10 17:47:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008/10/03 08:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/11 09:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/11 21:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/05/16 13:59:04 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/07/13 13:19:23 | 00,000,000 | ---D | C] -- C:\Program Files\on0ne Software
[2009/07/28 11:14:46 | 00,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2009/06/04 16:55:11 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/11 09:14:49 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/08 17:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/10/17 12:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/10/02 15:44:06 | 00,000,000 | ---D | C] -- C:\Program Files\VIA
[2009/05/23 17:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2009/10/16 11:32:53 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/05/10 17:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2009/06/26 17:23:31 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/10/20 17:01:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/19 16:00:22 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/10/18 15:02:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\JMKG15
[2009/10/17 15:23:54 | 00,102,400 | ---- | C] (DinkIT Limited) -- C:\WINDOWS\System32\DinkITXPUIMenus.ocx
[2009/10/17 15:23:54 | 00,065,536 | ---- | C] (Ethernety) -- C:\WINDOWS\System32\EnhSliderOcx.ocx
[2009/10/17 13:21:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\CNNANT 2010 IMG
[2009/10/16 11:36:56 | 00,000,000 | ---D | C] -- C:\MapSource
[2009/10/11 09:14:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/11 09:14:31 | 00,000,000 | ---D | C] -- C:\cca6fa5bc76cd6bc4fee5e1381
[2009/10/10 15:40:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/10/09 10:58:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\Downloads
[2009/10/09 10:35:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads
[2009/10/08 16:25:31 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\My DVDs
[2009/10/03 07:50:09 | 00,041,984 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2009/10/03 07:50:09 | 00,028,160 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/09/27 14:22:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/09/27 14:21:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/27 14:18:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/09/27 14:18:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/09/27 14:17:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/09/27 14:14:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/09/23 19:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\System Report
[2009/08/15 12:34:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/12 15:42:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/08/11 14:28:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/08/10 15:44:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2009/08/10 15:42:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/10 15:42:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/08/10 15:23:33 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/08/10 15:06:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\My Pictures
[2009/08/10 15:06:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\My Music
[2009/08/10 14:48:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/07/19 12:27:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/19 12:25:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/07/19 12:24:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/19 12:23:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/07/13 13:18:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\Geniune Service
[2009/07/09 12:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\My Albums
[2009/06/17 20:03:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\FlashGot
[2009/06/06 16:35:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\DVDVideoSoft
[2009/06/02 20:17:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2009/06/02 20:16:31 | 00,000,000 | ---D | C] -- C:\Inetpub
[2009/05/30 13:19:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Lockdown
[2009/05/30 12:47:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\Other
[2009/05/23 17:24:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Bluetooth Exchange Folder
[2009/05/23 17:17:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\abdullah
[2009/05/22 15:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\Ebay
[2009/05/20 15:55:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\iPhone Ringtones
[2009/05/20 09:51:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\My Videos
[2009/05/17 20:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\Quran
[2009/05/16 14:08:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/16 10:27:54 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\My Webs
[2009/05/10 19:57:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/10 19:43:13 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/05/10 19:17:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/05/10 19:17:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/05/10 19:16:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/05/10 19:15:16 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/05/10 19:15:10 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/05/10 18:00:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\School
[2009/05/10 17:47:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/05/10 17:36:33 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/05/10 17:16:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/10 17:16:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2009/04/17 19:48:14 | 00,018,304 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmngen.sys
[2009/04/17 19:48:14 | 00,009,344 | ---- | C] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys
[2008/10/02 15:44:47 | 00,008,704 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\viahdcpl.cpl
[2008/03/26 10:41:24 | 00,360,580 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2008/01/02 01:29:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/01/02 01:29:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/01/02 01:04:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/01/01 04:34:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/01/01 02:39:54 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/20 18:19:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/20 16:33:22 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/17 15:25:46 | 00,102,400 | ---- | M] (DinkIT Limited) -- C:\WINDOWS\System32\DinkITXPUIMenus.ocx
[2009/10/17 15:25:46 | 00,065,536 | ---- | M] (Ethernety) -- C:\WINDOWS\System32\EnhSliderOcx.ocx
[2009/10/17 15:25:46 | 00,064,000 | ---- | M] () -- C:\WINDOWS\System32\wiaaut.oca
[2009/10/17 12:00:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/15 18:42:38 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Microsoft Word.lnk
[2009/10/13 13:30:57 | 00,037,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/11 16:19:10 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\winscp.rnd
[2009/10/11 09:34:24 | 00,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/09 15:07:11 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/09 15:06:51 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/09 10:37:05 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DiskAid.lnk
[2009/09/27 14:11:25 | 00,024,439 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\How-to-update-your-computer-with-the-JPEG-processing.docx
[2009/09/27 13:25:37 | 00,000,250 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/16 10:11:44 | 00,124,362 | ---- | M] () -- C:\WINDOWS\HPHins12.dat
[2009/08/15 13:35:05 | 00,000,108 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/08/15 12:47:50 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/12 17:09:58 | 00,005,866 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Motor Vehicle Bill of Sale.doc
[2009/08/11 12:11:55 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2009/08/10 15:40:46 | 00,001,644 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RF882AA-ABA SR2034NX NA680_YC_0Pres_QCNH635_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.4_#061105_N_Z14F12F20_G10DE06E4.MRK
[2009/08/10 15:03:30 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/10 14:48:55 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/08/08 07:16:32 | 00,000,224 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Qari Rab Nawaz Hanafi - Kiya Nabi Har Jaga Majood Hein (www.Tauheed-Sunnat.com).ram
[2009/07/30 09:37:39 | 00,232,950 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SophInd FSSL Student Signature 200910.pdf
[2009/07/28 10:04:48 | 00,309,388 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\sc0002.JPG
[2009/07/16 09:44:52 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/12 13:42:21 | 00,061,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/09 12:22:01 | 00,945,115 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lincoln2.JPG
[2009/07/09 12:21:51 | 00,836,704 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lincoln3.JPG
[2009/07/09 12:21:38 | 01,005,216 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lincoln1.JPG
[2009/07/07 17:53:02 | 00,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2009/07/07 17:52:50 | 00,041,984 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2009/06/30 20:26:15 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Town and country.doc
[2009/06/23 13:54:47 | 00,000,819 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MediaCoder iPod Edition.lnk
[2009/06/23 12:08:07 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/06/10 17:33:00 | 01,580,550 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/06/10 07:29:26 | 00,053,768 | ---- | M] () -- C:\WINDOWS\System32\default.tvp
[2009/06/10 07:29:26 | 00,033,032 | ---- | M] () -- C:\WINDOWS\System32\finance.tvp
[2009/06/10 07:29:26 | 00,031,186 | ---- | M] () -- C:\WINDOWS\System32\dcc.tvp
[2009/06/10 07:29:26 | 00,029,892 | ---- | M] () -- C:\WINDOWS\System32\cad.tvp
[2009/06/10 07:28:50 | 00,064,777 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/06/06 16:47:13 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MediaCoder.lnk
[2009/06/04 16:59:08 | 00,003,206 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\index2.htm
[2009/06/03 14:24:03 | 01,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/06/03 14:24:03 | 01,291,264 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/06/02 20:18:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\frontpg.ini
[2009/06/02 19:26:02 | 02,259,456 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\fpse02_win2008_vista_rtm_ENG.msi
[2009/05/16 10:22:49 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2009/05/10 17:49:21 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\WinSCP.lnk
[2009/05/10 17:18:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/05/10 17:16:10 | 00,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2009/05/10 17:14:40 | 00,000,143 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2009/04/17 19:48:14 | 00,018,304 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmngen.sys
[2009/04/17 19:48:14 | 00,009,344 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\System32\drivers\grmnusb.sys
[2009/03/27 02:09:32 | 01,193,414 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/01/09 14:18:31 | 01,089,601 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2008/10/07 08:13:30 | 00,197,912 | ---- | M] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | M] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/03 08:39:50 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/10/02 15:24:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/07/11 19:20:00 | 00,008,704 | R--- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\viahdcpl.cpl
[2008/05/02 09:46:00 | 01,703,936 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 09:46:00 | 01,630,208 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/02 09:46:00 | 01,486,848 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 09:46:00 | 01,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/02 09:46:00 | 01,019,904 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 09:46:00 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 09:46:00 | 00,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/02 09:46:00 | 00,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/02 09:46:00 | 00,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/02 09:46:00 | 00,182,347 | ---- | M] () -- C:\WINDOWS\System32\nvapps.nvb
[2008/05/02 09:46:00 | 00,131,070 | R--- | M] () -- C:\WINDOWS\System32\nv3dhun.chm
[2008/05/02 09:46:00 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2008/05/02 09:46:00 | 00,018,070 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2008/03/26 10:41:24 | 00,360,580 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2008/03/24 23:50:40 | 00,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008/03/24 23:50:40 | 00,355,112 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2008/03/11 23:14:28 | 00,003,948 | R--- | M] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/02/26 04:55:20 | 00,009,417 | R--- | M] () -- C:\WINDOWS\System32\nvide.nvu
[2008/01/02 04:00:00 | 00,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2008/01/02 04:00:00 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2008/01/02 03:40:59 | 00,222,606 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2008/01/02 03:40:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/01/02 03:40:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2008/01/02 03:40:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/01/02 03:40:47 | 93,793,8944 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/02 01:29:07 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/01/02 01:03:30 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/01/02 00:57:42 | 00,024,146 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\cc_20080102_005736.reg
[2008/01/01 02:39:25 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/01/01 02:15:11 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2007/12/31 23:18:11 | 00,480,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2007/12/31 23:18:11 | 00,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2007/12/31 23:18:11 | 00,004,762 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2007/12/31 23:16:40 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2007/12/31 23:13:11 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files - No Company Name ==========

[2009/10/20 16:33:22 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/19 12:49:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/10/17 15:23:54 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\wiaaut.oca
[2009/10/17 15:16:13 | 00,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/17 15:16:09 | 00,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/17 15:16:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/13 13:30:57 | 00,037,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/09 15:06:51 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/06 18:43:59 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/27 14:11:23 | 00,024,439 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\How-to-update-your-computer-with-the-JPEG-processing.docx
[2009/08/11 12:11:53 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2009/08/10 15:40:44 | 00,001,644 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RF882AA-ABA SR2034NX NA680_YC_0Pres_QCNH635_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.4_#061105_N_Z14F12F20_G10DE06E4.MRK
[2009/08/10 15:06:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\desktop.ini
[2009/08/10 15:06:35 | 01,992,308 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\IconCache.db
[2009/08/10 15:06:35 | 00,043,680 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/10 15:06:35 | 00,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2009/08/08 07:16:28 | 00,000,224 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Qari Rab Nawaz Hanafi - Kiya Nabi Har Jaga Majood Hein (www.Tauheed-Sunnat.com).ram
[2009/07/30 09:37:38 | 00,232,950 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SophInd FSSL Student Signature 200910.pdf
[2009/07/28 09:58:44 | 00,309,388 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\sc0002.JPG
[2009/07/09 10:29:43 | 00,945,115 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lincoln2.JPG
[2009/07/09 10:29:43 | 00,836,704 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lincoln3.JPG
[2009/07/09 10:29:42 | 01,005,216 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lincoln1.JPG
[2009/06/23 13:54:47 | 00,000,819 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MediaCoder iPod Edition.lnk
[2009/06/23 12:08:07 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/06/22 11:04:00 | 00,005,866 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Motor Vehicle Bill of Sale.doc
[2009/06/16 17:13:49 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Town and country.doc
[2009/06/10 17:33:00 | 01,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/06/10 07:29:34 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 01,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/10 07:29:34 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:34 | 00,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/10 07:29:34 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/10 07:29:32 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/10 07:29:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2009/06/10 07:29:26 | 00,053,768 | ---- | C] () -- C:\WINDOWS\System32\default.tvp
[2009/06/10 07:29:26 | 00,033,032 | ---- | C] () -- C:\WINDOWS\System32\finance.tvp
[2009/06/10 07:29:26 | 00,031,186 | ---- | C] () -- C:\WINDOWS\System32\dcc.tvp
[2009/06/10 07:29:26 | 00,029,892 | ---- | C] () -- C:\WINDOWS\System32\cad.tvp
[2009/06/10 07:28:50 | 00,222,606 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/06/10 07:28:50 | 00,064,777 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/06/06 16:47:13 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MediaCoder.lnk
[2009/06/06 16:07:42 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 16:12:19 | 00,003,206 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\index2.htm
[2009/06/02 20:18:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2009/06/02 19:25:13 | 02,259,456 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\fpse02_win2008_vista_rtm_ENG.msi
[2009/05/26 15:05:26 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\resume.doc
[2009/05/20 14:48:57 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DiskAid.lnk
[2009/05/16 14:50:46 | 00,061,904 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
[2009/05/16 10:22:49 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Audacity.lnk
[2009/05/10 19:27:45 | 00,000,250 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/05/10 17:49:22 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\winscp.rnd
[2009/05/10 17:49:21 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\WinSCP.lnk
[2009/05/10 17:47:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/10 17:47:31 | 00,002,483 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Microsoft Word.lnk
[2009/05/10 17:36:19 | 00,124,362 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2009/05/10 17:36:19 | 00,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2009/05/10 17:29:17 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/10 17:18:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/10 17:16:21 | 00,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2009/05/10 17:16:19 | 00,260,272 | RHS- | C] () -- C:\cmldr
[2009/05/10 17:16:10 | 00,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/03 08:39:50 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/10/02 15:32:51 | 00,182,347 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2008/10/02 15:32:32 | 00,131,070 | R--- | C] () -- C:\WINDOWS\System32\nv3dhun.chm
[2008/10/02 15:31:16 | 00,009,417 | R--- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2008/10/02 15:30:53 | 00,005,836 | R--- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2008/10/02 15:30:53 | 00,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/10/02 15:30:49 | 00,002,016 | R--- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2008/10/02 15:24:07 | 00,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2008/01/02 01:29:07 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/01/02 01:03:30 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/01/02 00:57:38 | 00,024,146 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\cc_20080102_005736.reg
[2008/01/02 00:44:39 | 93,793,8944 | -HS- | C] () -- C:\hiberfil.sys
[2006/08/14 18:36:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/14 18:11:21 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/14 18:04:18 | 00,012,986 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/14 18:04:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/14 18:01:01 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/14 17:51:55 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/14 17:50:42 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/14 17:46:27 | 00,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/14 17:45:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/14 17:42:33 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/14 17:42:33 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/14 17:41:17 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/14 17:20:50 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/14 17:20:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/14 17:20:35 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/16 01:25:43 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/08/30 23:02:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 15:52:36 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/30 15:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 23:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 23:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2004/07/26 09:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/01/02 00:48:53 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/06 18:43:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/10 17:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/02 00:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir Workstation
[2006/08/14 17:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2006/08/14 17:55:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/08/14 18:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/07/28 11:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
[2006/08/14 17:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/08/14 17:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/06/26 17:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/20 16:19:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data
[2009/09/27 13:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2009/06/23 13:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Broad Intelligence
[2009/10/10 11:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DiskAid
[2009/09/27 13:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DNA
[2009/10/18 15:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ECSoftware
[2009/07/13 13:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FixerLabs
[2009/09/23 19:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FreshDiagnose
[2009/10/16 11:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GARMIN
[2006/08/14 18:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
[2009/06/05 11:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2009/05/16 11:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TuneAid
[2009/10/16 20:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\U3
[2009/10/17 15:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
[2009/05/19 14:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2009/10/20 18:19:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/01/02 03:40:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2008/01/02 04:00:00 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2008/01/02 04:00:00 | 00,000,314 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/09 23:00:00 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/09 23:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2004/08/09 23:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< %systemroot%\system32\drivers\IdeChnDr.sys >
< End of report >

Edited by jadi929, 22 October 2009 - 04:51 PM.


#2
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello! :) Welcome to GeekstoGo! I'm piano9playa5 and will be assisting you with your malware problems. If you have any questions, ask away! Just a few tips to make things go smoothly:
  • Please be patient. There may be delays in between my posts, as I must check everything with a moderator before posting.
  • Don't run tools you see being used in another topic. Running tools unsupervised can be dangerous.
  • Copy\Paste logs in your replies, rather than attaching them, unless I instruct you to do otherwise. This makes things easier for me, and the moderator looking over this topic.

I'll post back some instructions shortly.

#3
Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
:) Hello. Let's begin the removal process!


STEP 1
Download Win32kDiag and save it to your Desktop. Do not run it!
  • Please go to Start > Run
  • Copy\Paste the following into the dialogue:

    "%userprofile%\desktop\win32kdiag.exe" -f -r
  • Click Ok
  • Once done, there should be a file, Win32kDiag.txt on your Desktop.
  • Open it, and post the contents here.



STEP 2
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



STEP 3
You must use Internet Explorer to download this!

Please download Combofix from any of the links below. You must rename it before saving.
Please rename it to jadi929 before saving it to your desktop.

Download Link #1
Download Link #2

==================================


Double click on jadi929 and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



STEP 4
Remember to post back the following logs:
  • Win32kDiag.txt
  • C:\Avenger.txt
  • C:\ComboFix.txt

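The Win32kDiag log requested in STEP 1 (the one jadi929 posts in the next reply) reports each junction it found as a three-line entry, plus any file it could not access and then tried to re-permission. As an added example, not code from this thread or from Win32kDiag, here is a Python summarizer for that log format: the excerpt inside it is constructed in the tool's line format rather than taken from the user's log, and the check that a normal junction target starts with `\??\` is a heuristic assumption.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpt in Win32kDiag's line format; NOT the user's real log.
# The real tool double-spaces its output; the parser skips blank lines anyway.
SAMPLE_LOG = r"""
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d1\d1
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \??\C:\WINDOWS\java\classes
Removing mount point : C:\WINDOWS\java\classes\classes
"""

# One pattern per line type Win32kDiag emits (prefixes copied from its log).
LINE_TYPES = {
    "found": re.compile(r"^Found mount point : (.+)$"),
    "dest": re.compile(r"^Mount point destination : (.+)$"),
    "removed": re.compile(r"^Removing mount point : (.+)$"),
    "noaccess": re.compile(r"^Cannot access: (.+)$"),
    "restore": re.compile(r"^Attempting to restore permissions of : (.+)$"),
    "warning": re.compile(r"^WARNING: (.+)$"),
}


def parse_win32kdiag(text):
    """Turn a Win32kDiag log into structured events."""
    mounts, inaccessible, restored, warnings = [], [], [], []
    current = None  # last "Found mount point", waiting for its destination line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, regex in LINE_TYPES.items():
            match = regex.match(line)
            if match:
                break
        else:
            continue  # banner or progress line; nothing to record
        value = match.group(1).strip()
        if kind == "found":
            current = {"path": value, "destination": None, "removed": False}
            mounts.append(current)
        elif kind == "dest" and current is not None:
            current["destination"] = value
        elif kind == "removed":
            for mp in mounts:  # mark the matching entry; paths are case-insensitive
                if mp["path"].lower() == value.lower():
                    mp["removed"] = True
        elif kind == "noaccess":
            inaccessible.append(value)
        elif kind == "restore":
            restored.append(value)
        elif kind == "warning":
            warnings.append(value)
    return {"mounts": mounts, "inaccessible": inaccessible,
            "restored": restored, "warnings": warnings}


def summarize(report):
    """Condense the events into what an analyst checks first."""
    mounts = report["mounts"]
    by_destination = Counter(mp["destination"] for mp in mounts)
    # Heuristic (assumption): junctions created by normal tooling point at a
    # Win32 path or a volume under the \??\ prefix; anything else needs a look.
    suspicious = sorted(d for d in by_destination if d and not d.startswith("\\??\\"))
    # A junction named after its own parent directory (...\Config\Config) is
    # the pattern in this thread's log; count the entries that fit it.
    self_named = [mp["path"] for mp in mounts
                  if ntpath.basename(mp["path"]).lower()
                  == ntpath.basename(ntpath.dirname(mp["path"])).lower()]
    return {
        "mount_points": len(mounts),
        "by_destination": dict(by_destination),
        "suspicious_destinations": suspicious,
        "self_named": self_named,
        "not_removed": [mp["path"] for mp in mounts if not mp["removed"]],
        "inaccessible": report["inaccessible"],
        "unrestored": sorted(set(report["inaccessible"]) - set(report["restored"])),
        "warnings": report["warnings"],
    }


if __name__ == "__main__":
    s = summarize(parse_win32kdiag(SAMPLE_LOG))
    print(f"{s['mount_points']} mount point(s) by destination: {s['by_destination']}")
    print("suspicious destinations:", s["suspicious_destinations"])
    print("self-named junctions:", len(s["self_named"]), "| not removed:", s["not_removed"])
    print("inaccessible:", s["inaccessible"], "| warnings:", s["warnings"])
```

Run against a full log, the summary collapses dozens of identical three-line entries into one destination count, and any entry that was found but never reported as removed, or a file the tool could not re-permission, is listed by name.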

#4
jadi929

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
Log from Win32kDiag:

Running from: C:\Documents and Settings\Compaq_Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Compaq_Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp\ZAP149.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP149.tmp\ZAP149.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25B.tmp\ZAP25B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25B.tmp\ZAP25B.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\IIS Temporary Compressed Files\IIS Temporary Compressed Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IIS Temporary Compressed Files\IIS Temporary Compressed Files

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}

Found mount point : C:\WINDOWS\Installer\{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}\{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}\{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}

Found mount point : C:\WINDOWS\Installer\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\Microsoft .NET Framework 2.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\Microsoft .NET Framework 2.0

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setup.pss

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\05c415ef6d072eb49a51ae487bfc11a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\05c415ef6d072eb49a51ae487bfc11a6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0ad26524c298df9a41026d3b49a38936\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\29fac2778ef9276807b5af52b3f981b9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\29fac2778ef9276807b5af52b3f981b9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2a8c07aaf8ec0a2dbcb5ab11c4e40d88\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\2a8c07aaf8ec0a2dbcb5ab11c4e40d88\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3112269c39ef5d624522fb876634b1d2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\3112269c39ef5d624522fb876634b1d2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4185df9bd0b35509f908e14df73d4fab\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4185df9bd0b35509f908e14df73d4fab\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4e0f6637e0e9d8b518d4652361b0aec7\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4e0f6637e0e9d8b518d4652361b0aec7\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\660425732726e9b33577f4657b36117d\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\660425732726e9b33577f4657b36117d\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\71a994314faa34c74b73fcac7756eea1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7d6100e060a1f93df520847b1cd9dc71\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7d6100e060a1f93df520847b1cd9dc71\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\843953281f8497f8e20b19c4e3fe3e01\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\843953281f8497f8e20b19c4e3fe3e01\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\94d4564c331fd50de11e52451ac2e679\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\98360ab8e6ce8cc5368bb0f984d5f906\98360ab8e6ce8cc5368bb0f984d5f906

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\98360ab8e6ce8cc5368bb0f984d5f906\98360ab8e6ce8cc5368bb0f984d5f906

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4246a739538de4092ff4efee1ce6dd7\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a4246a739538de4092ff4efee1ce6dd7\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b45151c33087fb9df3e7d6e3700f80ed\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c97484bc3f0a909669b5abb5a1bd9a86\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup


Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 23:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-09 23:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Finished!

#5
jadi929 (Topic Starter)
This is the log from avenger:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#6
jadi929 (Topic Starter)
This is the log from combofix:

ComboFix 09-10-22.01 - Compaq_Administrator 01/03/2008 1:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.513 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\jadi929.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-395850661-228338276-2969667330-1007
c:\windows\kb913800.exe

Infected copy of c:\windows\system32\mqbkup.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mqbkup.exe

Infected copy of c:\windows\system32\mqsvc.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mqsvc.exe

Infected copy of c:\windows\system32\mqtgsvc.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mqtgsvc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2009-10-20 22:13 . 2009-10-20 22:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-20 22:01 . 2008-01-03 06:15 -------- d--h--w- c:\windows\PIF
2009-10-20 22:01 . 2009-10-20 22:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-10-20 22:01 . 2009-10-20 22:01 -------- d-----w- c:\program files\Common Files\Bcgsoft
2009-10-20 21:33 . 2009-10-20 21:33 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-20 21:19 . 2009-10-20 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 17:49 . 2008-01-01 04:16 0 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
2009-10-18 20:18 . 2009-10-18 20:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ECSoftware
2009-10-18 20:18 . 2009-10-20 22:01 -------- d-----w- c:\program files\HexEdit
2009-10-17 20:23 . 2009-10-17 20:25 547840 ----a-w- c:\windows\system32\wiaaut.dll
2009-10-17 20:16 . 2008-01-03 06:10 0 ----a-w- c:\windows\win32k.sys
2009-10-17 17:50 . 2009-10-17 17:50 -------- d-----w- c:\program files\uTorrent
2009-10-17 17:49 . 2009-10-17 20:26 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-10-16 16:46 . 2009-10-16 16:46 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-10-16 16:46 . 2009-10-16 16:46 -------- d-----w- c:\program files\DIFX
2009-10-16 16:46 . 2009-10-16 16:50 -------- d-----w- c:\program files\Garmin
2009-10-16 16:37 . 2009-10-16 16:37 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GARMIN
2009-10-16 16:36 . 2009-10-16 16:37 -------- d-----w- C:\MapSource
2009-10-13 18:30 . 2009-10-13 18:30 37396 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- c:\program files\MSBuild
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- c:\program files\Reference Assemblies
2009-10-11 14:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-11 14:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-11 14:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-11 14:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-11 14:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- C:\cca6fa5bc76cd6bc4fee5e1381
2009-10-11 14:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-11 14:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 20:40 . 2009-10-18 15:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
2009-10-10 20:40 . 2009-10-10 20:40 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-08 21:24 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-08 21:24 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-08 21:24 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-08 21:24 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-06 23:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-06 23:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-06 23:43 . 2009-10-06 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 12:50 . 2009-10-03 12:50 -------- d-----w- c:\program files\LibUSB-Win32
2009-10-03 12:50 . 2009-07-07 22:53 28160 ----a-w- c:\windows\system32\drivers\libusb0.sys
2009-10-03 12:50 . 2009-07-07 22:52 41984 ----a-w- c:\windows\system32\libusb0.dll
2009-09-28 02:20 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-28 02:20 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-28 02:20 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-28 02:20 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-27 19:21 . 2009-08-29 07:36 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-27 19:21 . 2009-08-29 07:36 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-27 19:21 . 2009-08-29 07:36 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-09-27 19:21 . 2009-08-28 10:28 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-09-27 19:21 . 2009-08-29 07:36 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-09-27 19:21 . 2009-08-29 07:36 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2009-09-27 19:21 . 2009-06-29 08:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2009-09-27 19:21 . 2009-08-29 07:36 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2009-09-24 00:21 . 2009-09-24 00:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\FreshDiagnose
2009-08-16 15:07 . 2009-08-16 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-15 18:30 . 2006-06-04 01:29 48640 ----a-w- c:\windows\system32\hpzll4pi.dll
2009-08-15 18:30 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-08-15 18:30 . 2006-03-04 01:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-08-15 18:30 . 2006-03-04 01:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-08-15 18:30 . 2006-03-04 01:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-08-15 18:30 . 2006-03-04 01:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-08-15 18:30 . 2006-03-04 01:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-08-15 18:29 . 2004-08-04 03:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-08-15 18:29 . 2004-08-04 03:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-08-15 17:34 . 2009-08-15 17:34 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 20:58 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-12 20:58 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-12 20:56 . 2009-08-04 14:00 2180352 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-12 20:56 . 2009-08-04 13:58 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-12 20:56 . 2009-08-04 13:13 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-12 20:56 . 2009-08-04 13:13 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-11 21:50 . 2006-06-01 18:47 27648 ------w- c:\windows\system32\dllcache\jgpl400.dll
2009-08-11 21:50 . 2006-06-01 18:47 163840 ------w- c:\windows\system32\dllcache\jgdw400.dll
2009-08-11 19:28 . 2009-10-06 23:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-11 19:28 . 2009-08-28 23:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-11 19:28 . 2009-08-28 23:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-11 19:00 . 2009-08-11 19:00 -------- d-----w- c:\program files\Lavalys
2009-08-11 17:06 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-11 17:06 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-08-10 20:44 . 2009-08-10 20:44 -------- d-----w- c:\windows\system32\AGEIA
2009-08-10 20:43 . 2009-06-04 20:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 20:23 . 2008-01-03 07:00 -------- d-sh--r- c:\windows\system32\dllcache
2009-08-10 20:03 . 2006-08-14 23:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-10 20:03 . 2006-08-14 23:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-08-10 20:03 . 2006-08-14 23:00 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-08-08 22:51 . 2008-10-03 13:05 -------- d-----w- c:\program files\SpeedFan
2009-07-28 16:14 . 2009-07-28 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\OpenDNS Updater
2009-07-28 16:14 . 2009-07-28 16:14 -------- d-----w- c:\program files\OpenDNS Updater
2009-07-28 15:02 . 2009-07-28 15:02 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IECompatCache
2009-07-24 16:14 . 2009-07-24 16:14 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\PrivacIE
2009-07-21 22:18 . 2009-07-21 22:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-21 19:51 . 2009-10-06 23:43 -------- d-----w- c:\program files\iPod
2009-07-21 18:18 . 2009-07-21 18:18 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache
2009-07-19 17:27 . 2009-07-19 17:27 -------- d-----w- c:\windows\ie8updates
2009-07-19 17:24 . 2009-07-19 17:25 -------- dc-h--w- c:\windows\ie8
2009-07-19 17:23 . 2008-01-03 06:15 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-13 18:34 . 2009-07-13 18:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\FixerLabs
2009-07-13 18:34 . 2008-10-03 13:11 -------- d-----w- c:\program files\FixerLabs
2009-07-13 18:19 . 2009-07-13 18:20 -------- d-----w- c:\program files\on0ne Software
2009-07-13 18:18 . 2009-07-13 18:18 -------- d-----w- c:\windows\Geniune Service
2009-07-13 18:18 . 2009-07-13 18:18 -------- d-----w- c:\program files\Geniune Service
2009-07-09 17:15 . 2009-07-09 17:15 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HP
2009-07-09 17:15 . 2009-07-09 17:15 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\IsolatedStorage
2009-07-09 17:15 . 2009-07-09 17:15 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\HP
2009-06-29 23:37 . 2009-07-14 22:11 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\WMTools Downloaded Files
2009-06-26 22:24 . 2009-06-26 22:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\WinZip
2009-06-26 22:23 . 2009-06-26 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-23 19:07 . 2009-06-23 19:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-23 18:55 . 2009-06-23 18:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Broad Intelligence
2009-06-23 18:54 . 2009-06-23 18:54 -------- d-----w- c:\program files\MediaCoder iPod Edition
2009-06-23 17:08 . 2009-09-27 18:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\BitTorrent
2009-06-23 17:06 . 2009-09-27 18:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DNA
2009-06-23 17:06 . 2009-08-09 16:51 -------- d-----w- c:\program files\DNA
2009-06-23 17:06 . 2009-06-23 17:06 -------- d-----w- c:\program files\BitTorrent
2009-06-23 17:06 . 2009-06-23 17:06 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\DNA
2009-06-10 22:33 . 2009-06-10 22:33 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 22:33 . 2009-06-10 22:33 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 22:33 . 2009-06-10 22:33 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 22:33 . 2008-05-02 14:46 1241088 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 12:28 . 2008-05-02 14:46 3391488 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 12:28 . 2008-05-02 14:46 5783552 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 12:28 . 2008-05-02 14:46 6582272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 12:28 . 2008-05-02 14:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 12:28 . 2008-05-02 14:46 159812 ----a-w- c:\windows\system32\nvsvc32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 20:25 . 2004-08-10 04:00 22288 ----a-w- c:\windows\system32\comcat.dll
2009-10-17 20:23 . 2004-08-10 04:00 147728 ----a-w- c:\windows\system32\asycfilt.dll
2009-10-12 19:17 . 2006-08-14 22:55 45784 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 03:38 . 2006-08-14 23:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-24 02:46 . 2006-08-14 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-11 14:33 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 04:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-15 18:34 . 2006-08-14 22:46 -------- d-----w- c:\program files\HP
2009-08-11 17:05 . 2006-08-14 23:11 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-08-10 20:41 . 2009-08-10 20:06 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Symantec
2009-08-10 20:40 . 2009-08-10 20:40 1644 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RF882AA-ABA SR2034NX NA680_YC_0Pres_QCNH635_E64NAemREA3_48_INAOS_SASUSTek Computer INC._V1.05_B3.00_T060630_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.4_#061105_N_Z14F12F20_G10DE06E4.MRK
2009-08-06 23:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2005-03-02 00:59 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-10 11:00 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2004-08-10 04:00 1435648 ------w- c:\windows\system32\query.dll
2009-07-13 14:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2004-08-10 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-10 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-10 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-10 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-10 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-10 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-10 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-10 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-10 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-10 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-10 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-10 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-10 04:00 724480 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-10 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-10 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-10 04:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-10 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:48 . 2004-08-10 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-10 11:00 92544 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50 . 2004-08-10 04:00 80896 ------w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-10 11:00 76288 ------w- c:\windows\system32\telnet.exe
2009-06-10 22:33 . 2006-08-14 22:42 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 14:21 . 2004-08-10 04:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-06-10 12:29 . 2009-06-10 12:29 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 12:29 . 2009-06-10 12:29 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:32 . 2004-08-10 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-10 04:00 655872 ------w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-10 22:14 . 2009-08-10 20:06 143 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-07 15:44 . 2004-08-10 04:00 344064 ------w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2004-08-10 04:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 04:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 05:01 . 2004-08-10 04:00 413544 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-06 14:44 . 2004-08-10 04:00 283648 ------w- c:\windows\system32\pdh.dll
2009-02-09 10:20 . 2004-08-10 04:00 399360 ----a-w- c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-10 11:00 714752 ------w- c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-10 04:00 616960 ------w- c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-10 04:00 473088 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 10:20 . 2004-08-10 04:00 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-06 17:14 . 2004-08-10 04:00 110592 ------w- c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-10 04:00 35328 ------w- c:\windows\system32\sc.exe
2009-02-06 16:39 . 2004-08-10 04:00 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-12-16 12:47 . 2004-08-10 04:00 351232 ----a-w- c:\windows\system32\winhttp.dll
2008-12-11 11:57 . 2004-08-10 04:00 333184 ------w- c:\windows\system32\drivers\srv.sys
2008-10-24 11:10 . 2004-08-10 04:00 453632 ------w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 . 2004-08-10 04:00 283648 ----a-w- c:\windows\system32\gdi32.dll
2008-10-03 13:04 . 2006-08-14 23:16 -------- d-----w- c:\program files\Yahoo!
2008-10-03 13:02 . 2006-08-14 22:23 -------- d-----w- c:\program files\GemMaster
2008-10-02 20:45 . 2006-08-14 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2008-09-04 16:42 . 2004-08-10 04:00 1106944 ----a-w- c:\windows\system32\msxml3.dll
2008-08-14 09:51 . 2004-08-10 04:00 138368 ------w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:32 . 2004-08-10 04:00 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 16:23 . 2004-08-10 04:00 74240 ------w- c:\windows\system32\mscms.dll
2008-06-20 17:41 . 2004-08-10 04:00 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 10:45 . 2004-08-10 04:00 360320 ------w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 09:52 . 2004-08-10 04:00 225920 ------w- c:\windows\system32\drivers\tcpip6.sys
2008-06-12 14:16 . 2004-08-10 04:00 956928 ------w- c:\windows\system32\msdtctm.dll
2008-06-12 14:16 . 2004-08-10 04:00 91648 ------w- c:\windows\system32\mtxoci.dll
2008-06-12 14:16 . 2004-08-10 04:00 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-12 14:16 . 2004-08-10 04:00 58880 ------w- c:\windows\system32\msdtclog.dll
2008-06-12 14:16 . 2004-08-10 04:00 428032 ------w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:16 . 2004-08-10 04:00 161792 ------w- c:\windows\system32\msdtcuiu.dll
2008-06-11 06:58 . 2004-08-10 04:00 988672 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-11 06:47 . 2004-08-10 04:00 96768 ----a-w- c:\windows\system32\logagent.exe
2008-05-08 12:28 . 2004-08-10 04:00 202752 ------w- c:\windows\system32\drivers\rmcast.sys
2008-04-14 00:12 . 2004-08-10 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2008-04-14 00:12 . 2004-08-10 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2008-04-14 00:12 . 2004-08-10 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2008-04-11 18:50 . 2004-08-10 04:00 683520 ------w- c:\windows\system32\inetcomm.dll
2008-03-27 08:12 . 2004-08-10 04:00 151583 ------w- c:\windows\system32\msjint40.dll
2006-11-05 22:22 . 2009-05-11 00:27 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 180269]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-14 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-14 27136]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-8-14 36903]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [10/3/2009 7:50 AM 28160]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/2/2008 3:44 PM 279680]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]
S3 RTCore;RTCore;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\MemoryAnalyzer\RTCore.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\MemoryAnalyzer\RTCore.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\idv4s0og.default\extensions\[email protected]\defaults\preferences\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 02:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\jadi929\CF17427.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\jadi929\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2008-01-03 2:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 07:07

Pre-Run: 217,273,065,472 bytes free
Post-Run: 219,494,420,480 bytes free

- - End Of File - - 368727C0D8067647732B5B29B72B4319
  • 0

#7
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello :)

STEP 1
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\win32k.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



STEP 2
Download RootRepeal from one of the following locations and save it to your desktop: Link 1
Link 2
Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



STEP 3
To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program.
  • Check the box that says Scan All Users
  • Check the box that says 64 bit
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post. It's usually located on the Desktop.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



LOGS AND INFO
Please post back the following:
  • ComboFix.txt
  • RootRepeal.txt
  • OTS.txt (Attached)

Edited by piano9playa5, 24 October 2009 - 07:51 AM.

  • 0

#8
jadi929

jadi929

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
Here is the log from Combo Fix

ComboFix 09-10-23.01 - Compaq_Administrator 10/24/2009 11:33.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.451 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\jadi929.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point

FILE ::
"c:\windows\win32k.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\temp\IadHide5.dll
c:\windows\win32k.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 15:30 . 2009-10-24 15:30 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-20 22:13 . 2009-10-20 22:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-20 22:01 . 2008-01-03 06:15 -------- d--h--w- c:\windows\PIF
2009-10-20 22:01 . 2009-10-20 22:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-10-20 22:01 . 2009-10-20 22:01 -------- d-----w- c:\program files\Common Files\Bcgsoft
2009-10-20 21:33 . 2009-10-20 21:33 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-20 21:19 . 2009-10-20 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 17:49 . 2008-01-01 04:16 0 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
2009-10-18 20:18 . 2009-10-18 20:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ECSoftware
2009-10-18 20:18 . 2009-10-20 22:01 -------- d-----w- c:\program files\HexEdit
2009-10-17 20:23 . 2009-10-17 20:25 547840 ----a-w- c:\windows\system32\wiaaut.dll
2009-10-17 17:50 . 2009-10-17 17:50 -------- d-----w- c:\program files\uTorrent
2009-10-17 17:49 . 2009-10-17 20:26 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-10-16 16:46 . 2009-10-16 16:46 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-10-16 16:46 . 2009-10-16 16:46 -------- d-----w- c:\program files\DIFX
2009-10-16 16:46 . 2009-10-16 16:50 -------- d-----w- c:\program files\Garmin
2009-10-16 16:37 . 2009-10-16 16:37 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GARMIN
2009-10-16 16:36 . 2009-10-16 16:37 -------- d-----w- C:\MapSource
2009-10-13 18:30 . 2009-10-13 18:30 37396 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- c:\program files\MSBuild
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- c:\program files\Reference Assemblies
2009-10-11 14:14 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-11 14:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-11 14:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-11 14:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-11 14:14 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-11 14:14 . 2009-10-11 14:14 -------- d-----w- C:\cca6fa5bc76cd6bc4fee5e1381
2009-10-11 14:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-11 14:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 20:40 . 2009-10-18 15:36 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
2009-10-10 20:40 . 2009-10-10 20:40 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-08 21:24 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-08 21:24 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-08 21:24 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-08 21:24 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-06 23:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-06 23:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-06 23:43 . 2009-10-06 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 12:50 . 2009-10-03 12:50 -------- d-----w- c:\program files\LibUSB-Win32
2009-10-03 12:50 . 2009-07-07 22:53 28160 ----a-w- c:\windows\system32\drivers\libusb0.sys
2009-10-03 12:50 . 2009-07-07 22:52 41984 ----a-w- c:\windows\system32\libusb0.dll
2009-09-28 02:20 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-28 02:20 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-09-28 02:20 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-28 02:20 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-09-27 19:21 . 2009-08-29 07:36 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-27 19:21 . 2009-08-29 07:36 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-27 19:21 . 2009-08-29 07:36 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-09-27 19:21 . 2009-08-28 10:28 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-09-27 19:21 . 2009-08-29 07:36 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-09-27 19:21 . 2009-08-29 07:36 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2009-09-27 19:21 . 2009-06-29 08:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2009-09-27 19:21 . 2009-08-29 07:36 63488 ------w- c:\windows\system32\dllcache\icardie.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 20:25 . 2004-08-10 04:00 22288 ----a-w- c:\windows\system32\comcat.dll
2009-10-17 20:23 . 2004-08-10 04:00 147728 ----a-w- c:\windows\system32\asycfilt.dll
2009-10-17 01:58 . 2009-05-18 18:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3
2009-10-12 19:17 . 2006-08-14 22:55 45784 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 16:44 . 2009-05-20 19:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DiskAid
2009-10-09 15:44 . 2009-05-10 22:49 -------- d-----w- c:\program files\WinSCP
2009-10-08 20:40 . 2009-05-10 22:30 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer
2009-10-06 23:43 . 2009-05-10 22:30 -------- d-----w- c:\program files\iTunes
2009-10-06 23:43 . 2009-07-21 19:51 -------- d-----w- c:\program files\iPod
2009-10-06 23:41 . 2009-06-04 21:55 -------- d-----w- c:\program files\QuickTime
2009-10-06 23:40 . 2009-05-10 22:28 -------- d-----w- c:\program files\Common Files\Apple
2009-09-27 18:14 . 2009-06-23 17:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\BitTorrent
2009-09-27 18:14 . 2009-06-23 17:06 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DNA
2009-09-24 03:38 . 2006-08-14 23:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-24 02:46 . 2006-08-14 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-24 00:36 . 2009-09-24 00:21 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\FreshDiagnose
2009-09-11 14:33 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-10 04:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 04:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 23:42 . 2009-08-11 19:28 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-11 19:28 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-16 15:11 . 2009-05-10 22:36 124362 ----a-w- c:\windows\HPHins12.dat
2009-08-06 23:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-10-16 21:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-10 04:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2005-03-02 00:59 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-10 11:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:53 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2006-11-05 22:22 . 2009-05-11 00:27 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2008-01-03_07.03.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-31 04:07 . 2009-10-24 15:25 88338 c:\windows\system32\perfc009.dat
+ 2005-08-31 04:07 . 2009-10-24 15:25 480890 c:\windows\system32\perfh009.dat
+ 2009-10-24 15:21 . 2009-10-24 15:21 114688 c:\windows\ERDNT\AutoBackup\10-24-2009\Users\00000002\UsrClass.dat
+ 2009-10-24 15:21 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\10-24-2009\ERDNT.EXE
+ 2009-10-24 15:21 . 2009-10-24 15:21 1974272 c:\windows\ERDNT\AutoBackup\10-24-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 180269]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-14 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-14 27136]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-8-14 36903]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/2/2008 4:44 PM 279680]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [10/3/2009 8:50 AM 28160]
S3 RTCore;RTCore;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\MemoryAnalyzer\RTCore.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\MemoryAnalyzer\RTCore.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\idv4s0og.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 11:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2168)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\jadi929\CF30925.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\jadi929\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 11:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-24 15:44
ComboFix2.txt 2008-01-03 07:07

Pre-Run: 219,505,041,408 bytes free
Post-Run: 219,467,292,672 bytes free

- - End Of File - - 88D52B896CDBD258D9328481261355FA
  • 0
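The two things the helper had to act on in the logs above (a DLL loaded into explorer.exe from the user's Temp folder, and a win32k.sys sitting in c:\windows rather than system32) can be picked out of ComboFix-style text automatically. The following triage script is an added example, not part of the thread or of ComboFix; it assumes the "Files Created" row layout and the "DLLs Loaded Under Running Processes" section layout seen in the log above, and its sample input is constructed (the win32k.sys row is made up to exercise the check; the other paths are copied from the log).

```python
import re
from dataclasses import dataclass

# Line layouts assumed from the ComboFix output quoted above (this is an added helper,
# not ComboFix's own code): "Files Created" rows are
#   <created> . <modified> <size or -------->  <8 attr flags> <path>
# and "DLLs Loaded Under Running Processes" lists bare paths under a
#   - - - - - - - > 'process.exe'(pid)
# header; every section ends with a line holding a lone dot.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
PROCESS_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Heuristics (assumptions, not ComboFix rules): kernel components belong under
# c:\windows\system32, and executable code has no business in a temp directory.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^c:\\windows\\system32\\(drivers\\)?[^\\]+$", re.IGNORECASE)
KERNEL_NAMES = {"win32k.sys", "ntoskrnl.exe", "ntkrnlpa.exe", "hal.dll"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Finding:
    path: str
    reasons: list
    process: str = ""  # filled in when the path came from the "DLLs Loaded" section


def suspicious_reasons(path, process=None):
    """Return the reasons (possibly none) a logged path deserves a second look."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if name in KERNEL_NAMES and not SYSTEM_DIR_RE.match(low):
        reasons.append("kernel component name outside system32")
    if TEMP_RE.search(low) and name.endswith(EXEC_EXT):
        where = f"loaded into {process}" if process else "created"
        reasons.append(f"executable {where} from a temp directory")
    return reasons


def triage(log_text):
    """Walk ComboFix-style text and collect flagged paths with the process that loaded them."""
    findings = []
    process = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = PROCESS_RE.match(line)
        if header:
            process = header.group("proc")
            continue
        if line == ".":  # a lone dot closes the section, so drop the process context
            process = None
            continue
        row = CREATED_RE.match(line)
        if row:
            path = row.group("path")
        elif PATH_RE.match(line):
            path = line
        else:
            continue
        reasons = suspicious_reasons(path, process)
        if reasons:
            findings.append(Finding(path, reasons, process or ""))
    return findings


# Constructed excerpt in the thread's log format; the win32k.sys row is made up to
# exercise the kernel-name check, the other paths are copied from the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 15:30 . 2009-10-24 15:30 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-19 17:49 . 2009-10-19 17:49 47104 ----a-w- c:\windows\win32k.sys
2009-10-17 20:23 . 2009-10-17 20:25 547840 ----a-w- c:\windows\system32\wiaaut.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "<-", "; ".join(f.reasons))
```

On the sample this reports exactly the two paths the helper targeted with the CFScript and the catchme section; anything it flags still needs a human to confirm, since legitimate installers also drop executables in Temp.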

#9
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
I also need the RootRepeal and OTS logs :)
  • 0

#10
jadi929

jadi929

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
Yes, RootRepeal is taking a while to scan, not sure why. Maybe it's supposed to take long?

Also, I tried earlier to restore the computer to an earlier time but for some reason it failed. My computer also wanted me to update to Windows Service Pack 3. I tried to install it but at the end it says it failed.

I'll be posting the other logs shortly. Thanks!
  • 0


#11
jadi929

jadi929

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
RootRepeal was scanning and now my PC has a blue screen with the Windows logo and it says preparing to go into standby; it's been there for like 15 minutes. What do I do?
  • 0

#12
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello.

If your computer goes into Stand-By mode, you should be able to bring it back, by tapping a key.

If you are still hanging at the blue screen, then you may have to force-shutdown the computer; hold the power button for about 6-7 seconds.

Once you get back in, skip RootRepeal, and just go to OTS.
  • 0

#13
jadi929

jadi929

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
Ok, I cancelled RootRepeal. Attached is the log from OTS.

Attached Files

  • Attached File  OTS.Txt   149.44KB   82 downloads

  • 0

#14
Onaipian

Onaipian

    Notepad warrior

  • Retired Staff
  • 2,130 posts
Hello.

STEP 1
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.



STEP 2
Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



STEP 3
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



STEP 4
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



LOGS REQUIRED
Remember to post back the following logs:
MBAM log
Results from Kaspersky

  • 0

#15
jadi929

jadi929

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
I installed MBAM and it actually scanned instead of just closing out. It found one infection, and I told it to remove it, it asked me to restart, so I did. Here is the log:
Malwarebytes' Anti-Malware 1.41
Database version: 3027
Windows 5.1.2600 Service Pack 2

10/24/2009 6:55:44 PM
mbam-log-2009-10-24 (18-55-41).txt

Scan type: Quick Scan
Objects scanned: 108646
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Geniune Service\groupmanager.exe (Backdoor.Bot) -> No action taken.


Not sure why it says "no action taken" at the end. I thought it was supposed to remove it?


Also, the link to JavaRa is broken. It takes me to a site that says action forbidden or something. Do you want me to just Google it and download it from somewhere else?

Edited by jadi929, 24 October 2009 - 05:14 PM.

  • 0
