application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 4th February 2010, 5:49 pm

I have been removing old files and trying to clean up my PC over the past few days. I started my laptop today and started getting the error messages "application cannot be executed. The file wuauclt.exe is infected".
I'm not sure where to start. Can somebody please assist me and get this virus off? I'm running Windows Vista.

Re: application cannot be executed. The file wuauclt.exe is infected"

Post by Belahzur on 4th February 2010, 8:54 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 6th February 2010, 3:43 pm

OTL logfile created on: 2/6/2010 9:32:54 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\others\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 180.25 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFERY-PC
Current User Name: Jeffery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/06 09:31:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\others\Downloads\OTL.exe
PRC - [2010/02/04 12:48:11 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/04 12:48:01 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/02/04 12:47:54 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/02/04 12:47:50 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/02 18:23:43 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/01/14 15:20:32 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/20 09:03:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/27 09:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/21 11:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/23 01:18:52 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/03/24 01:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/05/08 11:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 11:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/21 22:21:08 | 001,738,032 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2008/04/17 01:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 01:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 01:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 22:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/03/27 09:04:28 | 000,656,040 | ---- | M] () -- C:\Program Files (x86)\Lexmark Z2400 Series\lxdqmon.exe
PRC - [2008/03/27 09:04:22 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark Z2400 Series\lxdqmsdmon.exe
PRC - [2008/02/21 09:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/09/28 11:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 13:53:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/06 09:31:44 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\others\Downloads\OTL.exe
MOD - [2008/01/20 20:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 20:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/04/24 19:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/27 17:10:02 | 001,044,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lxdqcoms.exe -- (lxdq_device)
SRV:64bit: - [2008/02/27 17:09:54 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdqserv.exe -- (lxdqCATSCustConnectService)
SRV:64bit: - [2008/02/06 14:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/02/04 12:47:54 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/04 12:47:50 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/02 18:23:43 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/27 09:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/24 08:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/12/22 07:19:24 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/10/22 06:25:30 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/18 12:55:48 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/04 15:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/27 12:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 01:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/03 22:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/02/27 17:09:44 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdqcoms.exe -- (lxdq_device)
SRV - [2008/02/21 09:02:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/09/28 11:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/08/21 20:22:00 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/02 07:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/04 12:49:46 | 000,470,024 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/02/04 12:49:23 | 000,422,920 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/02/04 12:49:22 | 000,034,248 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/02/02 18:23:54 | 000,250,400 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/02/02 18:23:20 | 001,455,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/02/02 18:23:08 | 000,929,312 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2010/02/02 18:22:47 | 000,254,496 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/03 10:01:28 | 000,256,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2009/06/03 10:01:28 | 000,213,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/06/03 10:01:28 | 000,213,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/06/03 10:01:28 | 000,213,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2009/06/02 01:00:00 | 000,027,632 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2009/06/02 01:00:00 | 000,027,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2009/06/02 01:00:00 | 000,019,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2009/02/19 11:31:42 | 000,028,720 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 11:31:18 | 000,047,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 11:31:00 | 000,266,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 11:30:58 | 000,145,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 11:30:58 | 000,028,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 11:30:58 | 000,016,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2009/01/20 15:21:50 | 000,172,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/11/11 11:59:26 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssrangdr.sys -- (ssrangdr)
DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/07/28 16:55:28 | 001,146,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/18 19:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/12 19:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 11:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/02 18:27:18 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/01 14:50:18 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/01/31 12:51:00 | 000,476,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/31 12:51:00 | 000,440,880 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/01/31 12:51:00 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/01/20 20:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 20:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/12/20 17:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 19:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/19 23:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 00:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 00:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/11/01 23:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008/11/20 09:38:36 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/20 09:38:36 | 000,128,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/10/03 16:21:54 | 000,368,688 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090113.002\IDSviA64.sys -- (IDSvia64)
DRV - [2008/07/30 17:28:04 | 000,000,841 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\COH_Mon.inf -- (COH_Mon)
DRV - [2006/09/18 15:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2004/12/08 16:47:22 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/12/08 16:47:22 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SNTNLUSB.SYS -- (Sntnlusb)

Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 6th February 2010, 3:43 pm

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\S-1-5-21-3903322556-632712477-3017477609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\S-1-5-21-3903322556-632712477-3017477609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\S-1-5-21-3903322556-632712477-3017477609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\S-1-5-21-3903322556-632712477-3017477609-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/02/04 12:47:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/04 12:48:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/14 15:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/14 15:20:47 | 000,000,000 | ---D | M]

[2009/08/31 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Extensions
[2009/08/06 14:43:03 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/09/12 07:43:10 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\6jntijrd.default\extensions
[2010/02/04 11:12:42 | 000,000,000 | ---D | M] -- C:\Users\Jeffery\AppData\Roaming\Mozilla\Firefox\Profiles\gr8lbo66.default\extensions
[2009/11/18 15:50:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [lxdqamon] C:\Program Files (x86)\Lexmark Z2400 Series\lxdqamon.exe ()
O4:64bit: - HKLM..\Run: [lxdqmon.exe] C:\Program Files (x86)\Lexmark Z2400 Series\lxdqmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [jdqstmod] C:\Users\Jeffery\AppData\Local\ywbgtd\tyecsftav.exe ()
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [TOSCDSPD] File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001..\Run: [BitTorrent DNA] C:\Users\Jeffery\Program Files (x86)\DNA\btdna.exe File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picaboo.lnk = C:\Program Files (x86)\Picaboo\Picaboo\PicabooMain.exe File not found
O4 - Startup: C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O15 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} [You must be registered and logged in to see this link.] (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a7565e0a-8365-11de-af0f-001e336f6c4b}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/04 12:49:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/04 12:48:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/02/04 12:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/02/04 12:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/02/04 12:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/02/04 11:57:38 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Malwarebytes
[2010/02/04 11:57:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/04 11:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/04 11:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/04 11:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/02/04 10:24:21 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\ywbgtd
[2010/02/02 18:58:47 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\Documents\MyBackups
[2010/02/02 18:56:25 | 000,000,000 | RHSD | C] -- C:\bootwiz
[2010/02/02 18:29:55 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Acronis
[2010/02/02 18:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/02/02 18:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/02/02 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\Acronis.True.Image.Home.2010.v13.0.0.5055-IND [BeLLBoY]
[2010/01/29 14:28:31 | 000,000,000 | ---D | C] -- C:\perflogs
[2010/01/24 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Roxio
[2010/01/23 16:44:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Macrovision
[2010/01/23 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\Sonic_Solutions
[2010/01/23 15:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2010/01/23 14:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CinemaNow
[2010/01/23 14:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CinemaNow
[2010/01/23 14:53:03 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Simple Star
[2010/01/23 14:53:03 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\Documents\My PhotoShows
[2010/01/23 14:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoShow Shared Assets
[2010/01/23 14:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010/01/23 14:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/01/23 14:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010/01/23 14:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2010/01/23 14:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio 2010
[2010/01/23 14:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/01/23 14:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/01/23 14:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/01/23 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/01/23 14:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio 2010
[2010/01/23 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010/01/23 14:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010/01/23 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Roaming\Roxio Log Files
[2010/01/23 14:10:37 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\Roxio Creator 2010 Pro
[2010/01/23 07:06:05 | 000,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/01/23 07:06:05 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/01/23 07:06:01 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/01/23 07:05:59 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/01/23 07:05:58 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/01/23 07:05:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/01/23 07:05:57 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/01/23 07:05:57 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/01/23 07:05:57 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/01/23 07:05:56 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/01/23 07:05:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/01/23 07:05:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/01/14 15:29:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/14 15:29:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/09/13 11:19:51 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqpmui.dll
[2009/09/13 11:19:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqinpa.dll
[2009/09/13 11:19:51 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqiesc.dll
[2009/09/13 11:19:50 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqserv.dll
[2009/09/13 11:19:50 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqusb1.dll
[2009/09/13 11:19:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqprox.dll
[2009/09/13 11:19:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqcomc.dll
[2009/09/13 11:19:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqhbn3.dll
[2009/09/13 11:19:49 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqlmpm.dll
[2009/09/13 11:19:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdqcomm.dll
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\RCCOLLAB.DLL
[73 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[73 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jeffery\AppData\Local\*.tmp files -> C:\Users\Jeffery\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/06 09:32:28 | 002,883,584 | -HS- | M] () -- C:\Users\Jeffery\ntuser.dat
[2010/02/06 09:32:13 | 000,524,288 | -HS- | M] () -- C:\Users\Jeffery\ntuser.dat{dae0d68b-a002-11de-ace0-001e336f6c4b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 09:32:13 | 000,065,536 | -HS- | M] () -- C:\Users\Jeffery\ntuser.dat{dae0d68b-a002-11de-ace0-001e336f6c4b}.TM.blf
[2010/02/06 09:20:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/06 09:20:47 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/06 09:20:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/06 09:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/06 09:20:34 | 4156,555,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/06 08:47:58 | 055,171,614 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/05 06:52:05 | 000,002,082 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk
[2010/02/04 12:49:53 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/02/04 12:49:46 | 000,470,024 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/02/04 12:49:46 | 000,012,464 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/02/04 12:49:23 | 000,422,920 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/02/04 12:49:22 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/02/04 12:49:22 | 000,034,248 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/02/04 12:48:41 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/02/04 12:48:41 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/02/04 12:48:41 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/02/04 12:09:32 | 001,704,756 | -H-- | M] () -- C:\Users\Jeffery\AppData\Local\IconCache.db
[2010/02/04 11:57:36 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 18:56:52 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/02 18:56:52 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/02 18:56:52 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/02 18:56:47 | 002,717,096 | ---- | M] () -- C:\Windows\SysNative\auto_reactivate.exe
[2010/02/02 18:23:54 | 000,250,400 | ---- | M] () -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/02/02 18:23:20 | 001,455,648 | ---- | M] () -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010/02/02 18:23:08 | 000,929,312 | ---- | M] () -- C:\Windows\SysNative\drivers\timntr.sys
[2010/02/02 18:22:47 | 000,254,496 | ---- | M] () -- C:\Windows\SysNative\drivers\snapman.sys
[2010/02/02 18:22:45 | 000,002,155 | ---- | M] () -- C:\Users\Jeffery\Desktop\Acronis One-Click Backup.lnk
[2010/02/02 18:22:45 | 000,001,017 | ---- | M] () -- C:\Users\Jeffery\Desktop\Acronis True Image Home 2010.lnk
[2010/01/29 14:40:05 | 000,000,632 | RHS- | M] () -- C:\Users\Jeffery\ntuser.pol
[2010/01/26 17:05:57 | 000,000,680 | ---- | M] () -- C:\Users\Jeffery\AppData\Local\d3d9caps.dat
[2010/01/24 16:36:19 | 000,462,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/23 16:44:20 | 000,135,456 | ---- | M] () -- C:\Users\Jeffery\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/23 15:58:52 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Roxio Creator 2010 Pro.lnk
[2010/01/23 14:56:58 | 000,001,375 | ---- | M] () -- C:\Users\Jeffery\Documents\CinemaNow.lnk
[2010/01/23 14:32:06 | 000,025,479 | ---- | M] () -- C:\Users\Jeffery\Desktop\helpabout.jpg
[2010/01/23 14:24:47 | 000,030,208 | ---- | M] () -- C:\Users\Jeffery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 06:58:46 | 000,001,564 | ---- | M] () -- C:\Users\Jeffery\AppData\Roaming\wklnhst.dat
[2010/01/20 15:13:12 | 000,025,088 | ---- | M] () -- C:\Users\Jeffery\Documents\senior packages.doc
[2010/01/15 01:39:12 | 678,186,753 | ---- | M] () -- C:\Users\Jeffery\Desktop\Dance_music_ot_Dfm.rar
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 000,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[73 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[73 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jeffery\AppData\Local\*.tmp files -> C:\Users\Jeffery\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/04 12:49:53 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/02/04 12:49:46 | 000,012,464 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010/02/04 12:49:45 | 000,470,024 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/02/04 12:49:23 | 000,422,920 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/02/04 12:49:22 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/02/04 12:49:22 | 000,034,248 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/02/04 12:48:41 | 055,171,614 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/04 12:48:41 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/02/04 12:48:41 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/02/04 12:48:38 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/02/04 11:57:36 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 11:57:32 | 000,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/02 18:56:47 | 002,717,096 | ---- | C] () -- C:\Windows\SysNative\auto_reactivate.exe
[2010/02/02 18:23:54 | 000,250,400 | ---- | C] () -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/02/02 18:23:20 | 001,455,648 | ---- | C] () -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010/02/02 18:23:08 | 000,929,312 | ---- | C] () -- C:\Windows\SysNative\drivers\timntr.sys
[2010/02/02 18:22:47 | 000,254,496 | ---- | C] () -- C:\Windows\SysNative\drivers\snapman.sys
[2010/02/02 18:22:45 | 000,002,155 | ---- | C] () -- C:\Users\Jeffery\Desktop\Acronis One-Click Backup.lnk
[2010/02/02 18:22:45 | 000,001,017 | ---- | C] () -- C:\Users\Jeffery\Desktop\Acronis True Image Home 2010.lnk
[2010/01/29 21:38:21 | 000,002,082 | ---- | C] () -- C:\Users\Jeffery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk
[2010/01/26 17:05:57 | 000,000,680 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\d3d9caps.dat
[2010/01/23 14:58:57 | 000,027,632 | ---- | C] () -- C:\Windows\SysNative\drivers\SaibVdAd64.sys
[2010/01/23 14:58:56 | 000,027,120 | ---- | C] () -- C:\Windows\SysNative\drivers\Sahdad64.sys
[2010/01/23 14:58:56 | 000,019,952 | ---- | C] () -- C:\Windows\SysNative\drivers\Saibad64.sys
[2010/01/23 14:56:55 | 000,001,375 | ---- | C] () -- C:\Users\Jeffery\Documents\CinemaNow.lnk
[2010/01/23 14:52:21 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Roxio Creator 2010 Pro.lnk
[2010/01/23 14:42:48 | 000,055,280 | ---- | C] () -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010/01/23 14:42:48 | 000,010,224 | ---- | C] () -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010/01/23 14:42:48 | 000,010,224 | ---- | C] () -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010/01/23 14:32:06 | 000,025,479 | ---- | C] () -- C:\Users\Jeffery\Desktop\helpabout.jpg
[2010/01/23 07:06:14 | 005,686,784 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/01/23 07:06:12 | 007,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/01/23 07:06:10 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/01/23 07:06:06 | 001,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/01/23 07:06:05 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/01/23 07:06:01 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/01/23 07:06:00 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/01/23 07:05:59 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/01/23 07:05:59 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/01/23 07:05:59 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/01/23 07:05:58 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/01/23 07:05:57 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/01/23 07:05:57 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/01/23 07:05:56 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/01/23 07:05:56 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/01/23 07:05:56 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/01/23 07:05:54 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/01/20 14:19:06 | 000,025,088 | ---- | C] () -- C:\Users\Jeffery\Documents\senior packages.doc
[2010/01/16 13:01:03 | 678,186,753 | ---- | C] () -- C:\Users\Jeffery\Desktop\Dance_music_ot_Dfm.rar
[2010/01/14 15:29:45 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/01/14 15:29:45 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/01/01 18:10:23 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/10/19 09:02:58 | 000,069,341 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/10/19 09:02:50 | 000,056,130 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\dd_dotnetfx3install.txt
[2009/10/19 09:02:50 | 000,001,800 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\uxeventlog.txt
[2009/10/19 09:02:50 | 000,000,596 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\dd_dotnetfx3error.txt
[2009/09/17 17:42:25 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2009/09/13 11:19:52 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDQinst.dll
[2009/09/13 11:19:52 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdqcomx.dll
[2009/08/04 12:13:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/20 17:04:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/15 20:26:43 | 000,000,733 | ---- | C] () -- C:\Windows\saplogon.ini
[2009/06/15 20:21:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\vtssm32.dll
[2009/05/04 12:30:44 | 000,005,044 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2008/11/24 21:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/11/22 09:10:17 | 000,001,564 | ---- | C] () -- C:\Users\Jeffery\AppData\Roaming\wklnhst.dat
[2008/11/22 09:05:26 | 000,024,226 | ---- | C] () -- C:\Users\Jeffery\AppData\Roaming\UserTile.png
[2008/11/22 09:03:38 | 000,030,208 | ---- | C] () -- C:\Users\Jeffery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 16:00:15 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/09/24 15:26:37 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2008/09/24 15:26:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2008/09/24 15:26:37 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/08/28 06:06:52 | 001,559,040 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/08/28 06:06:52 | 000,585,728 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/08/18 12:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 12:23:51 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/18 12:23:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/18 12:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/18 12:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/18 12:23:51 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/18 12:23:51 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/02/28 14:33:00 | 000,343,040 | R--- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2005/02/28 14:33:00 | 000,116,736 | R--- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2005/02/28 14:08:30 | 000,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys
< End of report >


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 6th February 2010, 3:44 pm

OTL Extras logfile created on: 2/6/2010 9:32:54 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\others\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 180.25 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFERY-PC
Current User Name: Jeffery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AC5331-12BA-4D8D-9AF0-9ADA716D8C8C}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{158CF375-5770-4070-BC28-45FB12F5A709}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{180E02C5-CE96-4DD2-B7D0-C2CB7819BAF2}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1AE9511F-174D-4D63-A2DF-036B4D6E6379}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F7957C4-A76E-4F1D-99DF-6EFDBE9C92A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{321BE4E9-9C73-4D57-8533-7F08B0DED292}" = rport=139 | protocol=6 | dir=out | app=system |
"{32590C47-0B84-4BCC-9061-9A76D2A7ADB3}" = lport=138 | protocol=17 | dir=in | app=system |
"{32EB0918-7218-4D0E-ACF1-0BD8CCA33896}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{405D1FB1-76B7-4253-95EA-E89CE8392089}" = rport=137 | protocol=17 | dir=out | app=system |
"{50326805-F106-4144-A274-D1529834888D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{53CA54DC-9D60-4BBE-ABA3-C11243FA7CEC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{5DFEE72B-E55C-4585-9113-10B6D1F868F3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5EF92883-FD46-4872-8EFA-0D1C0B71214B}" = lport=445 | protocol=6 | dir=in | app=system |
"{6D7E8A1C-B750-4CDD-A395-5FCC317CD76B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{735913DF-8CAC-4156-B57B-4B947BE988A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81F5B5BB-AAFB-465A-975D-5DC0EC026213}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8375DA19-B1E8-4FDB-85BA-68A26BFA8A3E}" = rport=445 | protocol=6 | dir=out | app=system |
"{866CE57E-435E-4B67-B39C-4FF3ECBBF5E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F9A567A-1F85-449E-AE7F-727F17D4E2F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9AD6740B-00E8-4801-84CC-413989896FFA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{9EFB8A19-3BA2-49A3-BAD9-D08C601D9589}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C2E5F002-E4AD-422D-8C36-441319E1721E}" = lport=139 | protocol=6 | dir=in | app=system |
"{C91D4B21-2EEF-425D-9278-D470D66BBDA1}" = lport=80 | protocol=6 | dir=in | app=system |
"{EA274B25-D51D-4FF2-974E-904354D3BC72}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9688628-ECE4-42B4-BF5C-CFF9F1265D4F}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00431A40-C608-4750-90F9-769FD041006A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{0A60B0D7-D78A-44EE-AC04-1A981BADBB57}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{0F88E9A1-4F29-4F9E-9376-7A14BA101903}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{1BD14A95-AD18-42C9-A0A3-2310DE35CFD2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqpswx.exe |
"{1EAD22A7-87DB-4F6D-BB87-951435E69B3A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqtime.exe |
"{1F7E4772-2065-4C02-81F9-191F391E40FB}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark z2400 series\lxdqamon.exe |
"{231E4D43-F4C8-451C-9764-0E9FD26D1813}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2CCF3CF6-2EDC-48B9-9C2D-692B124D661D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqwbgw.exe |
"{30C94DA2-6E12-4D54-BE70-F3A5ABB8B87F}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark z2400 series\frun.exe |
"{3B1785D1-9E87-4D59-B8ED-5E95BC94A2BB}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{3BAC85CA-F2D7-4780-A0CA-13D794510589}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqpswx.exe |
"{4DB5B4E4-687B-405F-AF99-B6E4BF1E2D82}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark z2400 series\frun.exe |
"{6020A16B-12B4-4929-AB2A-B4793B55B816}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{62EBB7E1-1032-47C0-AA09-529FADF6EA3D}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdqcoms.exe |
"{765C7C94-B66B-4187-920D-40744A0F190F}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{76A9A75E-9D0E-4BC1-8D97-A47E394DE7FD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqpswx.exe |
"{854E87F5-271B-4B21-9E2B-5CCB6243DCFB}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark z2400 series\lxdqamon.exe |
"{88A95A74-6A01-4048-BF82-C794CFE6D471}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqtime.exe |
"{8C467463-DBFB-42AA-92F3-41E33EB041AF}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark z2400 series\lxdqmon.exe |
"{8FA6B19B-A981-49FD-A62B-45950480C166}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{96D90CBD-192F-400B-93EF-B171E57FB754}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqpswx.exe |
"{A0AFCD10-E94C-4C2D-81C0-230B837398E9}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{A19C6FD7-271E-48DE-8947-D5DF85099691}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A27C7D79-E1B7-4741-ADAA-1EE037733378}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7B8193A-13A0-4B5A-A872-EA8105B63681}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqwbgw.exe |
"{BC362AB9-F9DB-4619-86C8-F23E433AEEE2}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcoms.exe |
"{C21CED17-7ECF-4899-BAB9-1CB74D829422}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{CA6866CF-32F8-4032-8C14-053D5281E8F7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D108E231-83B4-4DF5-AD6A-5775F556B0C3}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E3D59F74-74E3-45F6-8556-0D1BE911BB58}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdqcoms.exe |
"{E728D954-7271-45EA-AEBE-3F158320968B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E98E2911-F7B1-4822-8958-199B81D7CFE1}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{EE24592D-1296-4A41-8A29-02AAFCC2F50B}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark z2400 series\lxdqmon.exe |
"{F05A7E8D-AF3B-4D8A-A631-E65EBA972B29}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F138C105-48EB-492A-9A96-76F8D5F7C4F2}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{F9C912E5-C2B1-45D1-9440-A3D45D572D48}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqtime.exe |
"{FB3895EB-965A-40D3-91A7-C04F84C13676}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{FC9C4625-46AD-44D5-B81D-DD19602A5D85}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdqtime.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2B8AD1EE-28D4-42FF-AE4B-856E5862D583}" = ccCommon64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}" = TOSHIBA Application Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD927EB7-78D3-4DC4-9325-7CBD89D8F0E5}" = GearDrvs
"{CA6EEE38-7E4F-4BA7-8D8E-1AEB6B9FD4B0}" = SymNet x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D75B1A1F-BBEC-4DF2-ACE4-9B166438A621}" = Symantec Real Time Storage Protection Component (x64)
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Lexmark Z2400 Series" = Lexmark Z2400 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content
"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
"{8ECB8220-F420-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008 (Plus Pack)
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5DEDB3F-07AC-476F-944F-DB96F5EF657A}" = ExpressDigital Darkroom Web Edition V8.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG9Uninstall" = AVG Free 9.0
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"PROR" = Microsoft Office Professional 2007 Trial
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Rainbow Sentinel Driver" = Sentinel System Driver
"Roxio PhotoShow" = Roxio PhotoShow
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"TomTom HOME" = TomTom HOME 2.7.2.1825
"VZAccess Manager" = VZAccess Manager
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3903322556-632712477-3017477609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Nations Photo Lab ROES" = Nations Photo Lab ROES

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3903322556-632712477-3017477609-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Nations Photo Lab ROES" = Nations Photo Lab ROES

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2009 7:22:03 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:22:03 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:22:04 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:22:05 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:22:06 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:25:35 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:25:35 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 7:59:34 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/18/2009 8:59:42 PM | Computer Name = Jeffery-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/19/2009 8:19:55 AM | Computer Name = Jeffery-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/10/2009 1:27:15 PM | Computer Name = Jeffery-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/21/2009 12:46:55 PM | Computer Name = Jeffery-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 191
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004817V03.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004817V03.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004817V03.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004817V03.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004817V03.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/6/2010 11:26:16 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/6/2010 11:26:47 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/6/2010 11:32:14 AM | Computer Name = Jeffery-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SQ004817V03.


< End of report >


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by Belahzur on 6th February 2010, 7:25 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [jdqstmod] C:\Users\Jeffery\AppData\Local\ywbgtd\tyecsftav.exe ()
    [2010/02/04 10:24:21 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\ywbgtd



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


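A triage sketch for the kind of autorun entries the fix script in the post above removes, as an added example that is not part of the original post and is not OTL's own logic. It assumes the trailing parentheses on an O4 line hold the file's company name; the heuristics, the function names and the third sample line are constructed for illustration.

```python
import re

# OTL "O4" autorun line: hive, Run/RunOnce key, [value name], then target.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
                   r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# Assumption: target is "path (company)", printed as "()" when none is recorded.
TARGET_RE = re.compile(r"^(?P<path>.+?)\s*\((?P<vendor>[^()]*)\)$")
# Directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Application Data)\\", re.I)


def triage_o4(line):
    """Return (value_name, [reasons]) for one O4 line, or None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    name, rest = m["name"], m["rest"]
    if not name:
        reasons.append("empty value name")
    t = TARGET_RE.match(rest)
    if t is None:
        if "File not found" in rest:
            reasons.append("target missing on disk")
        return name, reasons
    if USER_WRITABLE.search(t["path"]):
        reasons.append("runs from user-writable profile directory")
    if not t["vendor"].strip():
        reasons.append("no company name in file version info")
    return name, reasons


def flagged(lines):
    """Names and reasons for every O4 entry with at least one finding."""
    results = (triage_o4(l) for l in lines)
    return [r for r in results if r and r[1]]


# Lines 1, 2 and 4 come from the fix script in the thread; line 3 is a
# constructed benign entry added for contrast.
SAMPLE = [
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKU\S-1-5-21-3903322556-632712477-3017477609-1000..\Run: [jdqstmod] C:\Users\Jeffery\AppData\Local\ywbgtd\tyecsftav.exe ()",
    r"O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe (Example Corp)",
    r"[2010/02/04 10:24:21 | 000,000,000 | ---D | C] -- C:\Users\Jeffery\AppData\Local\ywbgtd",
]

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE):
        print(f"[{name or '<empty>'}] " + "; ".join(reasons))
```

A flagged entry is a prompt to inspect the file, not a verdict: legitimate per-user software also starts from AppData.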

Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 6th February 2010, 8:31 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3903322556-632712477-3017477609-1000\Software\Microsoft\Windows\CurrentVersion\Run\\jdqstmod deleted successfully.
File C:\Users\Jeffery\AppData\Local\ywbgtd\tyecsftav.exe not found.
C:\Users\Jeffery\AppData\Local\ywbgtd folder moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 02062010_143020


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by Belahzur on 6th February 2010, 8:40 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Java(TM) 6 Update 16
    Java(TM) 6 Update 6

  • Click on the Uninstall/Change button at the top.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine running now?



Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 6th February 2010, 9:59 pm

not getting the error msgs any more but having problems with firefox and ie freezing up at different times.


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by Belahzur on 7th February 2010, 1:10 am

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 7th February 2010, 8:14 pm

it cleaned a lot of space up but didn't help my problem. i was on facebook then walked away from laptop. when i came back the page was not responding. it seems like all programs will stop responding and won't let me shutdown the laptop.


wuaucit.exe is infected

Post by zackan on 7th February 2010, 10:06 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic.


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 8th February 2010, 7:18 pm

is there anything else i could try? i haven't tried running a reg cleaner yet.


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by Belahzur on 8th February 2010, 8:17 pm

Your Firefox is out of date, so let's try updating it so it does a fresh install in case any files are damaged.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.5.7 you currently have installed, so you won't lose any bookmarked websites.



Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 9th February 2010, 6:36 pm

i updated firefox and cleaned reg but still getting not responding on internet explorer and firefox


Re: application cannot be executed. The file wuauclt.exe is infected"

Post by bodiddle on 19th February 2010, 4:30 pm

I am now having trouble with all programs not responding. Is there anything else I can try to solve this problem?
