GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

Antivirus Soft, wuauclt.exe is infected

View previous topic View next topic Go down

Antivirus Soft, wuauclt.exe is infected

Post by lisan23 on Fri May 14, 2010 9:07 pm

There is a little shield that looks like my Windows Shield in the lower right hand corner, but it's labeled Antivirus Soft. I had to start my computer in safe mode in order to run OTL, I hope that's ok. I also had to type in the code to run it, so if something looks wrong let me know. If you could help fix this that would be AMAZING! Thanks!

OTL logfile created on: 5/14/2010 3:40:50 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Lisa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.22 Gb Total Space | 89.51 Gb Free Space | 40.28% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 4.51 Gb Free Space | 42.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LISA-PC
Current User Name: Lisa
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/14 14:57:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2010/05/14 14:57:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/05/14 15:12:26 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2008/02/20 14:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/09/20 02:23:32 | 000,241,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmusbdhdlh.sys -- (dhdusb.NTx86)
DRV - [2007/09/19 19:11:48 | 001,959,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/06 01:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/04/17 23:46:20 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 14:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/13 13:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 04:47:54 | 000,000,000 | ---D | M]

[2009/06/14 18:57:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2010/05/14 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cnu46d27.default\extensions
[2010/05/13 11:56:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cnu46d27.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/28 20:12:29 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cnu46d27.default\extensions\firefox@tvunetworks.com
[2009/07/12 20:39:29 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cnu46d27.default\extensions\texpertension@texperts.com
[2009/07/08 20:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKCU..\Run: [wvgihoyj] C:\Users\Lisa\AppData\Local\jdchxgkgp\fmckadwtssd.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} [You must be registered and logged in to see this link.] (Walt Disney Internet Group Hardware Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [You must be registered and logged in to see this link.] (WoF Control)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} [You must be registered and logged in to see this link.] (InetDownload Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Virtools WebPlayer Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} [You must be registered and logged in to see this link.] (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/04 04:41:38 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{488C67A4-9FD9-4D6E-863E-144084A20A7D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/14 15:12:26 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/14 14:57:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2010/05/14 14:46:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/14 11:25:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\jdchxgkgp
[2010/05/13 13:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/13 13:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/13 13:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/13 13:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/13 12:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/13 12:04:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/13 12:04:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/13 12:03:54 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/13 12:03:54 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/13 12:03:49 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/13 12:03:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/13 12:02:11 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/13 12:02:10 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/13 12:02:09 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/13 12:02:09 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/13 12:02:08 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/13 12:02:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/13 12:02:07 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/13 12:02:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/05/13 12:02:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/13 12:02:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/13 12:02:05 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/13 12:01:57 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/13 12:01:52 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/05/13 12:01:51 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/05/13 12:01:51 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/13 12:01:51 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/13 12:01:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/13 11:59:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/05/13 11:59:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/05/13 11:50:50 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/13 01:04:10 | 000,000,000 | R--D | C] -- C:\Users\Lisa\Videos
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lisa\Documents\*.tmp files -> C:\Users\Lisa\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/14 15:41:41 | 003,145,728 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat
[2010/05/14 15:31:53 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/14 15:31:53 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/14 15:31:53 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/14 15:27:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/14 15:26:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/14 15:26:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/14 15:25:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/14 15:20:10 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/14 15:20:10 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/14 15:20:07 | 002,082,698 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db
[2010/05/14 15:15:30 | 000,000,680 | ---- | M] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
[2010/05/14 15:12:26 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/05/14 14:57:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2010/05/14 14:45:59 | 003,689,128 | ---- | M] () -- C:\Users\Lisa\Desktop\ComboFix.exe
[2010/05/13 23:11:31 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD820C65-560A-48EE-A64D-C3AD6B24F8C0}.job
[2010/05/13 15:02:15 | 000,026,112 | ---- | M] () -- C:\Users\Lisa\Documents\resumeln.doc
[2010/05/13 13:27:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/13 13:09:01 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/13 01:45:24 | 001,874,944 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2010/05/13 01:45:24 | 000,947,200 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010/05/12 21:06:41 | 000,004,064 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lisa\Documents\*.tmp files -> C:\Users\Lisa\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 14:45:56 | 003,689,128 | ---- | C] () -- C:\Users\Lisa\Desktop\ComboFix.exe
[2010/05/13 13:27:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/13 13:09:01 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2008/05/27 23:04:47 | 000,241,656 | ---- | C] () -- C:\Windows\System32\drivers\bcmusbdhdlh.sys
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 02:33:43 | 001,730,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\apds.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/19 02:42:58 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/14 08:53:16 | 002,035,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/06/11 19:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 14:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2007/12/24 03:35:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/21 00:33:34 | 000,000,273 | ---- | M] () -- C:\Log.txt
[2007/12/24 03:35:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/02/29 21:15:51 | 000,000,827 | ---- | M] () -- C:\net_save.dna
[2010/05/14 15:27:28 | 1789,730,816 | -HS- | M] () -- C:\pagefile.sys
[2007/11/17 20:35:27 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2007/11/17 20:23:34 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2008/10/04 04:08:28 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2008/10/03 10:58:12 | 000,000,000 | ---D | M] -- C:\Program Files\2Wire
[2007/11/17 20:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\Acceller
[2008/10/03 10:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Actiontec
[2007/11/17 20:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008/11/18 03:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/11/17 20:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\AOL 9.0
[2008/10/03 14:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/11/27 01:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2007/11/17 20:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2010/05/13 12:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/10/13 19:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/10/13 19:13:12 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2008/09/07 19:55:56 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2008/09/07 19:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\ComcastToolbar
[2009/06/12 16:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/11/30 06:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2007/11/17 20:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/11/17 21:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2008/05/27 23:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\Dynex Enhanced G USB Network Adapter
[2007/11/17 20:23:44 | 000,000,000 | ---D | M] -- C:\Program Files\eBay
[2009/11/22 12:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\eMachines Games
[2008/03/18 13:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2009/07/06 15:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2008/03/01 09:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/11/23 11:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2008/09/07 20:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/01/11 22:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\ieSpell
[2010/05/12 21:11:12 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/13 12:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/09/14 20:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2010/05/13 13:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/13 13:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2007/11/17 20:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/11/28 19:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2009/05/03 19:44:53 | 000,000,000 | ---D | M] -- C:\Program Files\LeapFrog
[2008/05/15 20:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\mbrr
[2009/11/10 15:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2007/11/17 20:34:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/05/13 12:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/10/03 11:10:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/06/12 16:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/06/10 04:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/11/17 20:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2007/11/17 20:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/05/13 12:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/11/20 19:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2009/11/07 19:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/17 21:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/14 12:00:52 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2008/03/18 12:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2008/10/15 01:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2007/11/17 20:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\NetZero
[2009/11/28 18:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2008/11/11 18:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\OXXOGames
[2009/05/03 19:47:07 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2008/05/27 22:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2009/06/29 12:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Photosynth
[2010/05/13 13:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/05/13 09:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Qwest
[2007/11/17 20:22:53 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/05/03 19:48:14 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/02/16 00:31:53 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/06/29 13:29:33 | 000,000,000 | ---D | M] -- C:\Program Files\Searchme.com
[2008/11/30 06:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2006/06/11 19:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
[2009/10/25 13:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2007/11/17 20:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Spare Backup
[2008/02/29 21:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\support.com
[2009/10/25 13:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\TVAnts
[2009/05/26 22:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\UCN
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/11/23 11:14:24 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/03/25 10:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/11/14 21:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\Virtools
[2008/10/04 04:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/10/04 04:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/10/04 04:41:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/10/04 04:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/10 15:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2008/10/03 11:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/06/12 16:34:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/06/12 16:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2010/05/13 12:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/08/14 08:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/04 04:42:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/10/04 04:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/10/09 13:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/06/29 13:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader

< %appdata%\*.* >
[2010/05/12 21:06:41 | 000,004,064 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\drivers\nvstor32.sys
[2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_efe24208\nvstor32.sys
[2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DRVSTORE\nvstor32_9DEEA08DA0CC2F5DE659D6A5B88D40D5EF3A3CF9\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/11/17 20:57:18 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/11/17 20:57:18 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/11/17 20:57:18 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:756C8543
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:80B291A7
< End of report >

lisan23
Beginner
Beginner

Status :
Online
Offline

Posts : 2
Joined : 2010-05-14
OS : Vista
Points : 23968
# Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft, wuauclt.exe is infected

Post by Belahzur on Sat May 15, 2010 12:19 am

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Antivirus Soft, wuauclt.exe is infected

Post by lisan23 on Sat May 15, 2010 2:02 am

ComboFix 10-05-14.06 - Lisa 05/14/2010 20:48:35.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1407.818 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Lisa\AppData\Local\jdchxgkgp
c:\users\Lisa\AppData\Local\jdchxgkgp\fmckadwtssd.exe
c:\users\Lisa\AppData\Roaming\.#
c:\users\Lisa\AppData\Roaming\.#\MBX@3748@2B22908.###
c:\users\Lisa\AppData\Roaming\.#\MBX@3748@2B22938.###
c:\users\Lisa\AppData\Roaming\.#\MBX@3748@2B22968.###
c:\users\Lisa\AppData\Roaming\.#\MBX@57F8@2C92908.###
c:\users\Lisa\AppData\Roaming\.#\MBX@57F8@2C92938.###
c:\users\Lisa\AppData\Roaming\.#\MBX@57F8@2C92968.###
c:\users\Lisa\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AbaleZip.dll
c:\windows\system32\AutoRun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-15 01:57 . 2010-05-15 01:57 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2010-05-15 01:57 . 2010-05-15 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-14 20:12 . 2010-05-14 20:12 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-05-13 21:10 . 2010-05-13 21:10 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-13 18:24 . 2010-05-13 18:24 -------- d-----w- c:\program files\iPod
2010-05-13 18:22 . 2010-05-13 18:26 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-13 18:22 . 2010-05-13 18:26 -------- d-----w- c:\program files\iTunes
2010-05-13 18:08 . 2010-05-13 18:09 -------- d-----w- c:\program files\QuickTime
2010-05-13 17:59 . 2010-05-13 17:59 -------- d-----w- c:\program files\Bonjour
2010-05-13 17:55 . 2010-05-13 17:55 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-13 17:04 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-13 17:04 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-13 17:04 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-13 17:04 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-13 17:04 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-13 17:03 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-13 17:03 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-13 17:03 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-13 17:03 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 17:03 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 17:03 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-13 17:03 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 17:01 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 17:01 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 17:01 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 17:01 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-05-13 17:01 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-05-13 17:01 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-05-13 17:01 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-05-13 17:01 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-05-13 17:01 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-05-13 17:01 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-05-13 17:01 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-05-13 17:01 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-13 17:01 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-05-13 16:59 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-13 16:59 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 16:59 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-13 16:50 . 2010-05-06 15:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 16:50 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 16:50 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 20:15 . 2009-03-16 05:05 680 ----a-w- c:\users\Lisa\AppData\Local\d3d9caps.dat
2010-05-13 18:23 . 2008-10-03 19:01 -------- d-----w- c:\program files\Common Files\Apple
2010-05-13 17:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 17:17 . 2007-11-18 01:32 -------- d-----w- c:\programdata\Microsoft Help
2010-05-13 17:06 . 2009-02-12 04:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-13 14:50 . 2008-10-03 15:59 -------- d-----w- c:\program files\Qwest
2010-05-13 02:16 . 2008-10-03 16:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-13 02:13 . 2009-07-06 21:13 -------- d-----w- c:\users\Lisa\AppData\Roaming\SearchmeToolbar
2010-05-13 02:12 . 2008-12-27 14:24 -------- d-----w- c:\users\Lisa\AppData\Roaming\Move Networks
2010-05-13 02:11 . 2007-11-18 01:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-13 02:06 . 2008-04-27 06:42 4064 ----a-w- c:\users\Lisa\AppData\Roaming\wklnhst.dat
2010-05-13 01:33 . 2008-03-01 02:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\Spare Backup
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-09 16:28 . 2010-05-13 17:02 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-05-13 17:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-05-13 17:02 26624 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 dhdusb.NTx86;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh.sys [2007-09-20 241656]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-05-14 24856]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-14 c:\windows\Tasks\User_Feed_Synchronization-{FD820C65-560A-48EE-A64D-C3AD6B24F8C0}.job
- c:\windows\system32\msfeedssync.exe [2008-07-29 07:33]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - [You must be registered and logged in to see this link.] files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cnu46d27.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file)
Toolbar-Locked - (no file)
HKCU-Run-wvgihoyj - c:\users\Lisa\AppData\Local\jdchxgkgp\fmckadwtssd.exe
AddRemove-WT074871 - c:\program files\eMachines Games\Wedding Dash - Ready



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-14 20:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-05-14 21:01:09
ComboFix-quarantined-files.txt 2010-05-15 02:00

Pre-Run: 94,551,666,688 bytes free
Post-Run: 94,939,754,496 bytes free

- - End Of File - - 5A2624055A943CC3FE7898C516563534

lisan23
Beginner
Beginner

Status :
Online
Offline

Posts : 2
Joined : 2010-05-14
OS : Vista
Points : 23968
# Likes : 0

View user profile

Back to top Go down

Re: Antivirus Soft, wuauclt.exe is infected

Post by Belahzur on Sat May 15, 2010 10:31 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum