wuauclt.exe is infected

View previous topic View next topic Go down

wuauclt.exe is infected

Post by cantrad on Mon Feb 08, 2010 2:03 pm

Hello,

You very kindly sorted out a problem for me a short time ago and I again need your help with a family members machine:

wuauclt.exe is infected has apeared on the machine in question. Cannot access internet and cannot open any files. OS is win XP pro and internet access is via IE.

I am using a different machine to send this post. Look forward to hearing from you.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Mon Feb 08, 2010 3:13 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Mon Feb 08, 2010 4:52 pm

Please advise how to download as cannot access internet.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Mon Feb 08, 2010 5:33 pm

Managed to use a flashdrive to transfer OTL to the infected machine and saved it to the desktop. Attempted to open and run scan but got a security popup "Application cannot be executed. The file scan32.exe is infected. Do you want to activate your antivirus now?"

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Mon Feb 08, 2010 8:22 pm

Hello.

Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Will IceSword open?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Tue Feb 09, 2010 4:11 am

Hello, after several attempts (very nearly gave up) pleased to report that IceSword is open.
Await your next instruction.
Regards.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Tue Feb 09, 2010 2:23 pm

Hello.

  • Now, on the left hand side tool, hit the Process button at the top of the list.
  • Just above the list, there is a log button, press that and save the log to your Desktop.
  • Next, hit the Startup on the left side list.
  • Press the log button again.
  • Post the two logs in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Tue Feb 09, 2010 2:40 pm

Hello,
logs to follow, still using the flashdrive as still no access to internet on infected machine:

Process:

System Idle Process
System
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetWaiting\netwaiting.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf\tuuhsftav.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
\...\DP(1)0-0+6
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Tue Feb 09, 2010 2:41 pm

Second log:

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp
stsystra.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Dell QuickSet
C:\Program Files\Dell\QuickSet\quickset.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Broadcom Wireless Manager UI
C:\WINDOWS\system32\WLTRAY.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSPM Startup
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoxioDragToDisc
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Desktop Search
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ECenter
C:\Dell\E-Center\EULALauncher.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dscactivate
"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCMService
"C:\Program Files\Dell\MediaDirect\PCMService.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP Software Update
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMSX
C:\WINDOWS\system32\LVCOMSX.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechCameraAssistant
C:\Program Files\Logitech\Video\CameraAssistant.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechVideo[inspector]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechCameraService(E)
C:\WINDOWS\system32\ElkCtrl.exe /automation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NokiaMServer
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Nokia FastStart
"C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RoxWatchTray
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
McAfeeUpdaterUI
"C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ShStatEXE
"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NPSStartup


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ynxdqitg
C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf\tuuhsftav.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ModemOnHold
C:\Program Files\NetWaiting\netWaiting.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
LDM
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
LogitechSoftwareUpdate
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Start WingMan Profiler


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
PC Suite Tray
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AutoStartNPSAgent
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdobeUpdater
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Jessops Insert Detect
C:\Program Files\Jessops\Picture Suite\InsDetect.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ynxdqitg
C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf\tuuhsftav.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk
C:\Program Files\Digital Line Detect\DLG.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Remark£º)

C:\Documents and Settings\Gary Mallett\Start Menu\Programs\Startup
desktop.ini


Regards.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Tue Feb 09, 2010 7:38 pm

Hello.


  • Open IceSword again.
  • Go into the Process list again, and right click on the following filename:

    tuuhsftav.exe

  • Select Terminate Process.
  • Close IceSword.

After you have done that, try this.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Wed Feb 10, 2010 11:16 am

Hello, The MBAM log to follow:

Malwarebytes' Anti-Malware 1.44
Database version: 3720
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/02/2010 16:13:59
mbam-log-2010-02-10 (16-13-59).txt

Scan type: Quick Scan
Objects scanned: 143316
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ynxdqitg (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ynxdqitg (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Look forward to your next advice.
Regards.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Wed Feb 10, 2010 2:01 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Wed Feb 10, 2010 5:08 pm

Hello, logs are huge, will send bit by bit. First up will be pop up log:

OTL logfile created on: 10/02/2010 21:51:37 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Gary Mallett\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.66 Gb Total Space | 102.29 Gb Free Space | 71.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARYLAPTOP
Current User Name: Gary Mallett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/10 21:49:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Mallett\My Documents\Downloads\OTL.exe
PRC - [2010/02/10 17:34:40 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/16 03:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/04 07:51:44 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/04 07:51:44 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/02 17:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/03/31 08:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/03/16 18:47:48 | 024,095,528 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/03/16 18:47:48 | 000,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/02/12 17:29:02 | 001,032,192 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/01/19 10:08:50 | 000,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/12/03 12:47:34 | 001,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008/11/20 13:20:54 | 000,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 19:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 19:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 18:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/16 18:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/09/30 10:53:13 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/09/29 07:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/09/29 07:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 07:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 07:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/09/29 07:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 07:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2008/09/19 08:52:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 03:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 03:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 03:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/01/28 13:13:30 | 001,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/05/08 15:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/05/02 17:16:54 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/02/20 12:29:08 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/01 11:48:28 | 001,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2006/11/01 11:48:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/11/01 11:48:26 | 001,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/05/26 00:10:24 | 000,348,160 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/08 11:48:02 | 000,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/12/13 16:45:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/12/13 16:41:08 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/12/13 16:41:00 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/09/07 06:33:20 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\CameraAssistant.exe
PRC - [2005/09/01 13:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005/09/01 13:04:44 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004/11/01 18:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2003/10/29 01:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 02:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/02/17 11:45:02 | 000,262,144 | ---- | M] () -- C:\Program Files\Jessops\Picture Suite\InsDetect.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 21:49:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Mallett\My Documents\Downloads\OTL.exe
MOD - [2009/01/19 10:08:50 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Gary Mallett\Local Settings\Temp\IadHide5.dll
MOD - [2008/04/14 00:11:56 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksuser.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2005/09/01 13:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2009/08/04 07:51:44 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/16 18:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 18:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/16 18:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/09/29 07:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/09/29 07:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 07:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/09/29 07:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/01/28 13:13:30 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2008/01/28 13:13:23 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/01 11:48:28 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/09/14 14:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/05/26 00:10:24 | 000,348,160 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2005/09/01 13:11:52 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/10 17:34:33 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/04 16:21:32 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/03/31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/09/29 07:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 07:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 07:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 07:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 07:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 07:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 19:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 18:45:38 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/01 02:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 09:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/03 13:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 00:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/05/26 00:10:03 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2006/04/12 07:34:40 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 07:34:40 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 07:34:40 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/12/13 17:09:34 | 001,364,574 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/04 22:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/01 19:27:45 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/09/01 19:24:44 | 001,081,856 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2005/09/01 19:20:51 | 000,022,528 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/09/01 13:11:52 | 001,912,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/09/01 13:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/09/01 13:09:28 | 002,169,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005/08/30 00:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 00:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 00:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/06/20 17:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002/06/20 17:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002/06/20 17:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002/06/20 17:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Wed Feb 10, 2010 5:10 pm

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/30 10:53:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/02/22 16:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/11 09:44:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 18:29:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 18:29:30 | 000,000,000 | ---D | M]

[2010/02/10 16:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary Mallett\Application Data\Mozilla\Extensions
[2010/02/10 16:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary Mallett\Application Data\Mozilla\Firefox\Profiles\iza929ib.default\extensions
[2010/02/10 16:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/12 12:13:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/12 12:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/09/29 07:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\scriptff.dll
[2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/08/14 11:26:55 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe ()
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sjp.co.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sjp-online.co.uk ([]* in Local intranet)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} [You must be registered and logged in to see this link.] (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Wed Feb 10, 2010 5:11 pm

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bw+0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {f9ee2687-f569-4cb4-9768-b37e05f5ba6c} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\offline-8876480 {F9EE2687-F569-4CB4-9768-B37E05F5BA6C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary Mallett\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary Mallett\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a5e41d37-75d0-11de-9769-001d09b2f2e3}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{efbbfaf8-ae87-11dd-96ce-001f3a18a003}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/10 21:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Mallett\My Documents\Downloads
[2010/02/10 19:16:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/10 18:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\KMProduct
[2010/02/10 16:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Mallett\Application Data\Office Genuine Advantage
[2010/02/10 15:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Mallett\Application Data\MSNInstaller
[2010/02/10 14:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Mallett\Application Data\Malwarebytes
[2010/02/10 14:49:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/10 14:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/10 14:49:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/10 14:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/02/09 00:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/09 00:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/09 00:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/02/07 22:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf
[2010/01/13 16:56:57 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/08/17 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2009/08/12 09:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2009/02/22 16:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/31 19:29:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/12/08 21:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/01/28 13:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2004/08/11 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/11 17:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/10 19:12:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 19:11:41 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/10 19:11:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/10 19:11:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/10 19:11:03 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/10 19:11:03 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/10 19:10:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary Mallett\ntuser.ini
[2010/02/10 19:10:01 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Gary Mallett\NTUSER.DAT
[2010/02/10 18:32:35 | 000,000,701 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/10 18:14:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 17:47:51 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/10 17:27:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/02/10 16:00:07 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/10 14:49:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 14:48:13 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\Desktop\Shortcut to mbam-setup.exe.lnk
[2010/02/09 09:02:29 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\Desktop\Shortcut to IceSword122en.zip.lnk
[2010/02/08 22:27:08 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\Desktop\Shortcut to OTL.lnk
[2010/02/08 21:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/07 16:14:26 | 001,043,456 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\My Documents\music through the ages.doc
[2010/02/04 19:37:35 | 000,537,498 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/04 19:37:35 | 000,454,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/04 19:37:35 | 000,076,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/04 18:24:58 | 000,001,213 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\My Documents\ash_1990@hotmail.co.uk Sharing Folders Archive.lnk
[2010/02/03 19:50:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/01/29 20:18:02 | 000,224,256 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\My Documents\tattoo design 1.doc
[2010/01/28 22:05:46 | 000,507,392 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\My Documents\tattoo design.doc
[2010/01/16 00:07:30 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/14 21:42:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[8 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/10 16:00:07 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/10 14:49:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 14:48:13 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\Desktop\Shortcut to mbam-setup.exe.lnk
[2010/02/09 09:02:29 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\Desktop\Shortcut to IceSword122en.zip.lnk
[2010/02/09 00:06:36 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/02/08 22:27:08 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\Desktop\Shortcut to OTL.lnk
[2010/02/07 16:14:26 | 001,043,456 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\My Documents\music through the ages.doc
[2010/01/29 20:18:02 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\My Documents\tattoo design 1.doc
[2010/01/28 22:00:57 | 000,507,392 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\My Documents\tattoo design.doc
[2009/12/20 17:06:18 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2009/10/20 19:08:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/10/20 19:08:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/10/20 19:07:49 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\Application Data\$_hpcst$.hpc
[2009/08/14 11:19:26 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/08/14 11:19:25 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/22 21:01:19 | 000,168,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/03 15:54:50 | 000,184,646 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\Application Data\NMM-MetaData.db
[2009/03/10 19:33:55 | 000,001,004 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/03/07 17:13:35 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009/03/07 17:13:35 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009/01/31 12:18:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 10:16:04 | 000,010,238 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/19 10:10:10 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/01/19 10:07:46 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008/12/18 10:35:21 | 000,130,770 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ProspectorUninstall.log
[2008/10/05 17:59:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/09/27 12:47:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/09/27 12:43:43 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/08 16:25:08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/25 21:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/05/21 17:42:23 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/30 19:54:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/28 13:22:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/28 13:18:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/01/28 13:12:07 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/28 13:12:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/28 13:08:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/01/28 13:08:27 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/01/28 12:41:43 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/28 12:40:19 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/01 13:11:52 | 001,912,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/09/01 13:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/09/01 13:09:28 | 002,169,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/13 03:42:40 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2004/07/13 03:42:40 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2004/07/13 03:42:36 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\Ltclr13n.dll
[2004/07/13 03:42:34 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2004/07/13 03:42:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/05/24 03:26:42 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1999/05/24 03:23:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\FdfAcX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Wed Feb 10, 2010 5:12 pm

Extras log to follow, also in blocks:

OTL Extras logfile created on: 10/02/2010 21:51:37 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Gary Mallett\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.66 Gb Total Space | 102.29 Gb Free Space | 71.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARYLAPTOP
Current User Name: Gary Mallett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A4ED3EB-EDF9-4E0D-BCC7-3D2BD60A0394}" = Premier Collection AV-8B Harrier for FS2004
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D3BA0EF-904C-4D14-A9E5-63A86CE18F9B}" = Assureweb New Business
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Wed Feb 10, 2010 5:13 pm

"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}" = Nokia Music
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C60BF83E-6C65-435C-9B7E-629F6F60EAC6}" = Premier Collection F-183 Super Hornet for FS2004
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC93D96A-F328-460D-8DDF-CFD16A1894F8}" = Platinum Collection F-14D Super Tomcat for FS2004
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}" = Logitech QuickCam Software
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F617063F-6149-42AD-A0BB-C98D4F04F77B}" = TRSoap
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Airport Inc" = Airport Inc
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"Jessops Picture Suite" = Jessops Picture Suite
"Juniper Network Connect 5.3.0" = Juniper Networks Network Connect 5.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Pdf995" = Pdf995
"QcDrv" = Logitech Camera Driver
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/02/2010 18:31:31 | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x4234327b.

Error - 07/02/2010 18:36:37 | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00226e20.

Error - 07/02/2010 18:36:48 | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x6d2d7068.

Error - 10/02/2010 03:48:48 | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application icesword.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/02/2010 16:48:24 | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00a26c00.

[ System Events ]
Error - 10/02/2010 09:01:19 | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10010
Description = The server {641B9FB0-C2B1-41BD-8563-5F484E3BE84A} did not register
with DCOM within the required timeout.

Error - 10/02/2010 09:11:07 | Computer Name = GARYLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 10/02/2010 11:22:32 | Computer Name = GARYLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the crd service to connect.

Error - 10/02/2010 11:22:32 | Computer Name = GARYLAPTOP | Source = Service Control Manager | ID = 7000
Description = The crd service failed to start due to the following error: %%1053

Error - 10/02/2010 12:08:03 | Computer Name = GARYLAPTOP | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{275AD02F-060D-4186-93E1-2F028152F88F}. The
backup browser is stopping.

Error - 10/02/2010 12:20:43 | Computer Name = GARYLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 10/02/2010 12:26:08 | Computer Name = GARYLAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.9 for the Network Card with network
address 001F3A18A003 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/02/2010 13:31:06 | Computer Name = GARYLAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 10/02/2010 16:48:26 | Computer Name = GARYLAPTOP | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/02/2010 16:48:55 | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10010
Description = The server {10DA4F3C-CC99-4190-BE4D-58330754E882} did not register
with DCOM within the required timeout.


< End of report >

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Wed Feb 10, 2010 7:41 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O33 - MountPoints2\{a5e41d37-75d0-11de-9769-001d09b2f2e3}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{efbbfaf8-ae87-11dd-96ce-001f3a18a003}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
    [2010/02/07 22:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Thu Feb 11, 2010 4:35 am

Hello, log from OTL to follow:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5e41d37-75d0-11de-9769-001d09b2f2e3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5e41d37-75d0-11de-9769-001d09b2f2e3}\ not found.
File E:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efbbfaf8-ae87-11dd-96ce-001f3a18a003}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efbbfaf8-ae87-11dd-96ce-001f3a18a003}\ not found.
File E:\setupSNK.exe not found.
Folder move failed. C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.28.0 log created on 02112010_092338

Files\Folders moved on Reboot...
C:\Documents and Settings\Gary Mallett\Local Settings\Application Data\kvrinf folder moved successfully.

Registry entries deleted on Reboot...

Look forward to your next advice.
Regards.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Thu Feb 11, 2010 3:52 pm

Hello.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by cantrad on Thu Feb 11, 2010 6:26 pm

The machine seems fine to me. Thank you very much, great job.

Assuming you're aware, from the previous logs, of what is loaded on the machine, could you suggest any suitable protection to try to prevent a future infection.

In light of the recent adverse publicity for IE (Germany) I now use Firefox instead.

Look forward to your advice and I will be making a suitable donation to your cause.
Kind regards.

cantrad
Novice
Novice

Posts Posts : 44
Joined Joined : 2010-01-04
OS OS : windows vista
Points Points : 25888
# Likes # Likes : 0

View user profile

Back to top Go down

Re: wuauclt.exe is infected

Post by Belahzur on Thu Feb 11, 2010 7:29 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum