wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 2:21 am

My laptop (Windows Vista) seems to be infected. Please help.
I cannot use Internet Explorer or run my antivirus software. The message "Application cannot be executed. The file wuauclt.exe is infected" keeps popping up and blocking me from doing a lot of stuff on my computer. When I open Internet Explorer I get the message "Internet Explorer Warning - Visiting this web site may harm your computer..." The only thing that opens is something trying to get me to purchase virus protection. I've scanned with OTL and below are the .txt files that were created from that. Thank you in advance!

(OTL.txt)
OTL logfile created on: 7/6/2010 9:33:06 AM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\jillzerrusen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 138.69 Gb Free Space | 63.56% Space Free | Partition Type: NTFS
Drive D: | 244.63 Mb Total Space | 243.69 Mb Free Space | 99.62% Space Free | Partition Type: FAT
Drive E: | 14.65 Gb Total Space | 7.54 Gb Free Space | 51.48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JILLZERRUSEN-PC
Current User Name: jillzerrusen
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/06 09:15:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\jillzerrusen\Desktop\OTL.exe
PRC - [2009/04/11 12:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 09:15:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\jillzerrusen\Desktop\OTL.exe
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 12:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/10/03 12:13:37 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/03 12:13:35 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/27 19:09:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/13 09:48:12 | 000,828,656 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 10:01:32 | 001,372,160 | ---- | M] (Macrovision Corporation) [Auto | Stopped] -- C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe -- (ARCGIS License Manager)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/10/03 12:13:56 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/03 12:13:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/03 12:13:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/03/31 11:55:26 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/03/31 11:53:56 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/16 12:22:02 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/08/31 13:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/08/31 13:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/03/14 07:22:00 | 000,028,216 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577


[2009/08/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\jillzerrusen\AppData\Roaming\Mozilla\Extensions
[2009/08/08 13:52:23 | 000,000,000 | ---D | M] -- C:\Users\jillzerrusen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [duljtoqt] C:\Users\jillzerrusen\AppData\Local\hmqbfwies\hgsxplqtssd.exe ()
O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\jillzerrusen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\jillzerrusen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{d44b2948-b78e-11de-86d7-00256446fca9}\Shell - "" = AutoRun
O33 - MountPoints2\{d44b2948-b78e-11de-86d7-00256446fca9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 09:27:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\jillzerrusen\Desktop\OTL.exe
[2010/07/05 09:34:15 | 000,000,000 | ---D | C] -- C:\Users\jillzerrusen\AppData\Local\hmqbfwies
[2010/07/02 15:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/07/02 15:52:42 | 000,000,000 | ---D | C] -- C:\Users\jillzerrusen\AppData\Roaming\Roxio
[2010/06/28 03:00:37 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/06/28 03:00:37 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/28 03:00:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/06/28 03:00:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/06/28 03:00:34 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/06/28 03:00:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/06/28 03:00:34 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/06/23 03:00:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/23 03:00:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/23 03:00:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 02:40:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/23 02:40:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/10 17:19:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/10 17:19:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/10 17:19:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/10 17:19:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/10 17:19:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/10 17:19:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/10 17:19:09 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/10 17:19:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/10 17:19:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/10 17:19:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/10 17:19:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/10 17:19:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/10 17:19:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/10 17:19:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/10 17:19:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/10 17:19:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/10 17:12:06 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/10 17:12:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 17:11:34 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/06/10 17:10:26 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2010/07/06 09:29:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/06 09:29:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/06 09:29:01 | 002,621,440 | -HS- | M] () -- C:\Users\jillzerrusen\NTUSER.DAT
[2010/07/06 09:29:01 | 000,524,288 | -HS- | M] () -- C:\Users\jillzerrusen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/06 09:29:01 | 000,065,536 | -HS- | M] () -- C:\Users\jillzerrusen\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/06 09:28:56 | 001,820,177 | -H-- | M] () -- C:\Users\jillzerrusen\AppData\Local\IconCache.db
[2010/07/06 09:25:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/06 09:25:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/06 09:25:04 | 000,591,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/06 09:25:04 | 000,099,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/06 09:20:48 | 000,013,231 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\Close all opened Windows and Open OTL by double clicking on OTL icon.docx
[2010/07/06 09:15:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\jillzerrusen\Desktop\OTL.exe
[2010/07/06 09:06:20 | 000,363,520 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\rkill.com
[2010/07/05 18:18:14 | 061,665,098 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/02 17:37:42 | 000,009,216 | ---- | M] () -- C:\Users\jillzerrusen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 16:13:30 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/24 21:57:22 | 001,537,339 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\SSL22241.JPG
[2010/06/18 18:29:46 | 000,001,768 | -H-- | M] () -- C:\Users\jillzerrusen\Documents\Default.rdp
[2010/06/18 17:56:58 | 000,030,720 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\usepass.doc
[2010/06/18 17:55:45 | 000,002,545 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\VPN Client.lnk
[2010/06/11 03:23:38 | 000,352,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 20:22:16 | 000,002,627 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\Microsoft Office Word 2007.lnk
[2010/06/06 14:26:12 | 000,088,539 | ---- | M] () -- C:\Users\jillzerrusen\Desktop\29678_10150187768395492_747535491_13096586_7076986_n[1].jpg

========== Files Created - No Company Name ==========

[2010/07/06 09:27:33 | 000,363,520 | ---- | C] () -- C:\Users\jillzerrusen\Desktop\rkill.com
[2010/07/06 09:27:29 | 000,013,231 | ---- | C] () -- C:\Users\jillzerrusen\Desktop\Close all opened Windows and Open OTL by double clicking on OTL icon.docx
[2010/06/25 12:53:29 | 001,537,339 | ---- | C] () -- C:\Users\jillzerrusen\Desktop\SSL22241.JPG
[2010/06/06 20:11:12 | 000,088,539 | ---- | C] () -- C:\Users\jillzerrusen\Desktop\29678_10150187768395492_747535491_13096586_7076986_n[1].jpg
[2009/07/27 19:01:26 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/27 19:01:25 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/07/27 18:52:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2007/10/26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\System32\RegObj.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 12:44:20 | 000,246,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 08:53:49 | 002,036,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/27 21:39:20 | 000,003,530 | RH-- | M] () -- C:\dell.sdr
[2010/07/06 09:29:32 | 4032,241,664 | -HS- | M] () -- C:\pagefile.sys
[2010/07/06 09:30:37 | 000,000,366 | ---- | M] () -- C:\rkill.log
[2009/10/13 11:41:56 | 000,000,278 | ---- | M] () -- C:\WORK.LOG

< %PROGRAMFILES%\*. >
[2009/07/27 19:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/08 13:34:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/10/13 12:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\ArcGIS
[2010/03/13 14:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\AV7
[2010/03/13 12:38:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/08/08 13:35:25 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/07/27 19:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/04/09 20:58:58 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2009/07/27 19:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/04/09 20:59:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/27 19:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/07/27 19:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/07/06 09:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Local Backup
[2009/08/24 16:56:10 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2009/08/29 13:45:30 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Games
[2009/07/27 19:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2009/07/27 19:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Remote Access
[2009/07/27 19:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2009/07/27 21:38:54 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2010/02/08 20:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2010/02/08 21:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/02/07 13:03:40 | 000,000,000 | ---D | M] -- C:\Program Files\Escape The Museum
[2009/10/14 19:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\ESRI
[2009/08/14 08:55:52 | 000,000,000 | ---D | M] -- C:\Program Files\Frontier Communications Solutions
[2009/07/27 13:44:30 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2009/07/27 19:25:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/27 19:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/11 03:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/10 18:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/01/10 18:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/07/27 19:01:04 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/13 12:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Leica Geosystems
[2009/08/08 13:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/04/13 19:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/27 19:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/07/27 19:24:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/09 07:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/27 19:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/27 19:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/08/09 09:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/26 03:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/11 04:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/15 03:00:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/17 21:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2010/01/10 18:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/27 19:08:54 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/01/10 18:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/10/13 11:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\SafeNet Sentinel
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/27 19:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/01/20 21:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/20 21:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/20 21:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/20 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/11 21:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/27 19:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/06/11 03:21:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 03:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/20 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/20 21:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/08/14 08:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/08/24 16:51:18 | 008,270,752 | ---- | M] (Dell, Inc. ) -- C:\Users\jillzerrusen\AppData\Roaming\DataSafeDotNet.exe


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 12:43:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 12:43:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/11 12:43:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/11 12:43:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2008/05/07 17:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/08/31 13:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys
[2008/05/07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/08/31 13:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/05/07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/08/31 13:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-05 15:37:46

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

jzerrusen

Newbie Surfer

Posts : 8
Joined : 2010-07-07
Operating System : vista


Re: wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 2:22 am

(Extras.txt)

OTL Extras logfile created on: 7/6/2010 9:33:06 AM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\jillzerrusen\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 138.69 Gb Free Space | 63.56% Space Free | Partition Type: NTFS
Drive D: | 244.63 Mb Total Space | 243.69 Mb Free Space | 99.62% Space Free | Partition Type: FAT
Drive E: | 14.65 Gb Total Space | 7.54 Gb Free Space | 51.48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JILLZERRUSEN-PC
Current User Name: jillzerrusen
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{361A8D6A-B0A9-46D5-9FD7-7E4B73B6D034}" = lport=2869 | protocol=6 | dir=in | app=system |
"{844AD1D2-D14B-45BE-B652-C637819ECF00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1F6AEC-2322-4D4C-AC8C-6E419BCF7E39}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{0C7A9862-0DCA-4C40-8AC5-D84999B63481}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{18DA420B-5E5F-4CBE-A203-556BD4298268}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{3774440F-AADE-41FF-8596-BFE763D61D62}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3D9B439E-9E4A-483D-8071-358C6F0BE1F9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{49326D23-0BC6-4FE7-931D-F5321D14D494}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F13698E-78F9-4BF7-9FF5-2A2A10323410}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50870C3E-3B45-40D9-A399-25590BFDDB84}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5FC7BCF0-290E-4E69-BE1A-C75B38FC928E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{64AD27AF-14B0-40D0-A344-58D4B88BF60B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{66F48FD9-3B0C-464A-B899-69C85D444861}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{68A24AD1-F6C1-4897-A1D7-BFA40C727B6F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{754227C0-694F-4384-BD94-49C703CF4E32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76E4636A-B93E-4AD5-A42B-10EAED8FEE90}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{79F664EA-D0F5-4368-BE48-EBD19DB73D16}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{8D015DC8-F6C8-4942-9FA6-36D477AB1FD5}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{B80E4738-324B-4ACA-8970-D444FD573114}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{BBD529F8-8A44-453F-B34F-B88649233D72}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{C1C58B82-37A5-46FC-BA65-6F09CC6E1ED8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C51B16AC-B8D9-4ABA-9E1D-7A09EA21624A}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{D9474676-D9B7-406C-9EFB-948F2DF66742}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{EB63D9BC-0361-4192-9BB4-3EF10AFE5EEE}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{ED36A5A9-3BF1-43BA-B750-E70E548E3D67}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"TCP Query User{0FFAC195-B76C-4FD8-BE70-241FB6205213}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{3468B8F2-CC03-45DA-82DF-7342750C71E9}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{BD733B28-41CB-4D02-9B53-2DDBAE9BF54B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1A2E7283-9F4E-49D6-BD83-BF99D240FD54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AC265B42-301B-4B30-B0B2-CCE95C73B89C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B363A8FF-4CD2-4E6B-BE04-88CCD1AF40D9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcGIS Desktop" = ArcGIS Desktop
"ARCGIS License Manager" = ARCGIS License Manager
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EADM" = EA Download Manager
"Escape The Museum1.0" = Escape The Museum
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LimeWire" = LimeWire 5.2.13
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"PhotoScape" = PhotoScape
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"TVWiz" = Intel(R) TV Wizard
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2010 7:29:27 PM | Computer Name = jillzerrusen-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/2/2010 2:29:20 AM | Computer Name = jillzerrusen-PC | Source = EventSystem | ID = 4622
Description =

Error - 5/2/2010 1:03:53 PM | Computer Name = jillzerrusen-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/10/2010 6:59:00 PM | Computer Name = jillzerrusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769,
exception code 0xc0000005, fault offset 0x00085afc, process id 0x1ef4, application
start time 0x01caf09361cfc6d0.

Error - 5/12/2010 5:56:48 PM | Computer Name = jillzerrusen-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/12/2010 8:05:44 PM | Computer Name = jillzerrusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x001579a2, process id 0xdc8, application
start time 0x01caf230032e5df9.

Error - 5/24/2010 10:12:21 PM | Computer Name = jillzerrusen-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2010 7:12:55 PM | Computer Name = jillzerrusen-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2010 6:03:06 PM | Computer Name = jillzerrusen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x002632fa, process id 0x1f8c, application
start time 0x01cafeaf776d8ac8.

Error - 5/31/2010 12:23:12 PM | Computer Name = jillzerrusen-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 6/2/2010 7:57:31 AM | Computer Name = jillzerrusen-PC | Source = WLAN-Tray | ID = 0
Description = 06:57:30, Wed, Jun 02, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 11/17/2009 8:34:28 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:34:33 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:34:39 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:34:44 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:34:49 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:34:55 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:35:01 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:35:06 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:35:11 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/17/2009 8:35:16 PM | Computer Name = jillzerrusen-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >

jzerrusen

Newbie Surfer

Posts : 8
Joined : 2010-07-07
Operating System : vista


Re: wuauclt.exe is infected

Post by Belahzur on Wed 07 Jul 2010, 3:45 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [duljtoqt] C:\Users\jillzerrusen\AppData\Local\hmqbfwies\hgsxplqtssd.exe ()
    [2010/07/05 09:34:15 | 000,000,000 | ---D | C] -- C:\Users\jillzerrusen\AppData\Local\hmqbfwies



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
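
The checks the helper applies by eye to these logs, written out as an added example (not part of the original posts, and not code from OTL, ComboFix or Malwarebytes): it flags a Run entry with no publisher under a user profile, a system binary name outside System32, and a proxy pointed at loopback. Lines 1, 4 and 6 of the sample are copied from this thread's logs and the rest are constructed; the finding labels and the reading of OTL's trailing parentheses as the file's company name are assumptions.

```python
import ntpath
import re

# Windows binaries that normally live in System32 (or SysWOW64 on 64-bit).
SYSTEM_BINARIES = {"svchost.exe", "wuauclt.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")

# First drive-letter path ending in .exe on the line.
EXE_PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.I)
# Locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\|\\temp\\', re.I)
# OTL "O4" autostart line; group 3 is the text in the trailing parentheses
# (assumed here to be the file's company name, empty when it has none).
O4_RUN_RE = re.compile(
    r'^O4 - (HK\w+)\.*\\Run(?:Once)?: \[([^\]]*)\] .*\(([^)]*)\)\s*$', re.I)
PROXY_RE = re.compile(r'ProxyServer"?\s*=\s*(\S.*)$', re.I)
# Loopback host in forms such as "http=127.0.0.1:5577" or "localhost:8080".
LOOPBACK_RE = re.compile(
    r'(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost|\[::1\])(?=[:;/]|$)', re.I)


def triage_line(line):
    """Return the finding labels (hypothetical names) raised by one log line."""
    findings = []
    line = line.strip()

    # A proxy on loopback means browser traffic passes through a local process.
    proxy = PROXY_RE.search(line)
    if proxy and LOOPBACK_RE.search(proxy.group(1).strip()):
        findings.append("loopback-proxy")

    exe = EXE_PATH_RE.search(line)
    if exe:
        path = exe.group(0)
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()

        # A trusted system file name in an unexpected directory.
        if name in SYSTEM_BINARIES and not folder.endswith(SYSTEM_DIRS):
            findings.append("system-name-outside-system32")

        # Autostart from a user-writable location with no company name.
        run = O4_RUN_RE.match(line)
        if run and USER_WRITABLE_RE.search(path) and not run.group(3).strip():
            findings.append("autostart-no-publisher-in-user-profile")
    return findings


def triage(log_text):
    """Return (line_number, finding) pairs for a block of log text."""
    results = []
    for number, line in enumerate(log_text.strip().splitlines(), start=1):
        for finding in triage_line(line):
            results.append((number, finding))
    return results


# Lines 1, 4 and 6 appear in this thread's logs; lines 2, 3, 5 and 7 are
# constructed so that each rule also has a benign case to ignore.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [duljtoqt] C:\Users\jillzerrusen\AppData\Local\hmqbfwies\hgsxplqtssd.exe ()
O4 - HKCU..\Run: [ExampleSync] C:\Users\alice\AppData\Local\ExampleSync\sync.exe (Example Corp)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
C:\Users\jillzerrusen\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\svchost.exe
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyServer = proxy.example.test:8080
"""

if __name__ == "__main__":
    for number, finding in triage(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

A finding marks a line for review, not a verdict: legitimate software also autostarts from AppData, which is why the publisher field is checked as well.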


Re: wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 4:04 am

Here is the file from the OTL fix. While waiting for your reply, I ran Malwarebytes and removed some files with that (hope that was OK), and I am also pasting the file from Malwarebytes in this reply.

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\duljtoqt not found.
File C:\Users\jillzerrusen\AppData\Local\hmqbfwies\hgsxplqtssd.exe not found.
C:\Users\jillzerrusen\AppData\Local\hmqbfwies folder moved successfully.

OTL by OldTimer - Version 3.2.7.1 log created on 07062010_115856


(Malwarebytes):
Malwarebytes' Anti-Malware 1.46

Database version: 4282

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/6/2010 11:47:58 AM
mbam-log-2010-07-06 (11-47-58).txt

Scan type: Quick scan
Objects scanned: 145855
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\duljtoqt (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\jillzerrusen\AppData\Local\hmqbfwies\hgsxplqtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\jillzerrusen\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Re: wuauclt.exe is infected

Post by Belahzur on Wed 07 Jul 2010, 4:15 am

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9
    Java(TM) 6 Update 13
    LimeWire 5.2.13




  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 5:36 am

ComboFix 10-07-06.01 - jillzerrusen 07/06/2010 13:24:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3545.2125 [GMT -5:00]
Running from: c:\users\jillzerrusen\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AV7
c:\users\jillzerrusen\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\st326162.dll
c:\windows\xpsp1hfm.log
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 18:31 . 2010-07-06 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-06 16:58 . 2010-07-06 16:58 -------- d-----w- C:\_OTL
2010-07-06 16:33 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 16:33 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 20:52 . 2010-07-02 20:58 -------- d-----w- c:\programdata\Roxio
2010-07-02 20:52 . 2010-07-02 20:52 -------- d-----w- c:\users\jillzerrusen\AppData\Roaming\Roxio
2010-06-28 08:00 . 2010-04-14 17:54 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-28 08:00 . 2010-04-14 17:54 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-23 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 07:40 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 07:40 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-10 22:12 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 22:12 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 22:11 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-10 22:10 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 18:08 . 2009-08-08 18:51 -------- d-----w- c:\program files\LimeWire
2010-07-06 18:08 . 2009-08-08 18:52 -------- d-----w- c:\users\jillzerrusen\AppData\Roaming\LimeWire
2010-07-06 16:51 . 2009-07-28 00:16 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2010-07-06 16:33 . 2010-03-13 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 08:01 . 2009-07-28 00:24 -------- d-----w- c:\program files\Microsoft.NET
2010-06-11 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 08:06 . 2009-07-28 00:23 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 12:27 . 2009-07-28 00:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 19:14 . 2009-10-03 17:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-10 22:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 22:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 22:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 22:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-23 13:55 . 2010-05-25 23:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:05 . 2010-06-23 07:40 459776 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-23 07:40 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-23 07:40 541696 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:05 . 2010-06-23 07:40 2153984 ----a-w- c:\windows\AppPatch\AcGenral.dll
2009-07-28 02:33 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-04-24 18160]

c:\users\jillzerrusen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-7-27 53248]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-4-9 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-28 00:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-03 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-03 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 ARCGIS License Manager;ARCGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [2008-01-11 1372160]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-10-03 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-03 297752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-07-06 13:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\JILLZE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2010-07-06 13:33:59
ComboFix-quarantined-files.txt 2010-07-06 18:33

Pre-Run: 147,131,101,184 bytes free
Post-Run: 147,791,630,336 bytes free

- - End Of File - - 4DB892E744D177E841A7B95BE62F44B1

jzerrusen

Newbie Surfer

Posts : 8
Joined : 2010-07-07
Operating System : vista


Re: wuauclt.exe is infected

Post by Belahzur on Wed 07 Jul 2010, 5:59 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Folder::
    c:\program files\LimeWire
    c:\users\jillzerrusen\AppData\Roaming\LimeWire

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 6:23 am

I left my power cord at home and will not be able to complete this step until this evening. I have AVG 8.5 disabled per the instructions earlier. As far as I know, AVG 8.5 is the only antivirus/malware software on this laptop besides the Malwarebytes I downloaded earlier today. I do not know how to disable Malwarebytes. (Unlike AVG 8.5, there is not an icon in the lower right-hand corner to right click, only the icon on my desktop.) Is it ok to just have the Malwarebytes closed or will it actually need to be disabled as I did with AVG? If I need to disable, please tell me how. Thanks.


Re: wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 9:09 am

I started this ComboFix and walked away from the computer. When I came back the computer had restarted. The box said preparing report. Do not open anything until finished. I am now getting a message that says "Illegal operation attempted on a registry key that has been marked for deletion c:\Program Files\Dell Data Safe Local Backup\DsLauncher.exe"

ComboFix report below:

ComboFix 10-07-06.01 - jillzerrusen 07/06/2010 16:42:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3545.2360 [GMT -5:00]
Running from: c:\users\jillzerrusen\Desktop\Combo-Fix.exe
Command switches used :: c:\users\jillzerrusen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\users\jillzerrusen\AppData\Roaming\LimeWire
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\jillzerrusen\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\jillzerrusen\AppData\Roaming\LimeWire\createtimes.cache
c:\users\jillzerrusen\AppData\Roaming\LimeWire\downloads.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\fileurns.cache
c:\users\jillzerrusen\AppData\Roaming\LimeWire\installation.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\library.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\library5.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\limewire.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\lock
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mojito.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\OfflineCache\index.sqlite
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\jillzerrusen\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\jillzerrusen\AppData\Roaming\LimeWire\player.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\jillzerrusen\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\jillzerrusen\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\jillzerrusen\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\jillzerrusen\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\jillzerrusen\AppData\Roaming\LimeWire\questions.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\simpp.xml
c:\users\jillzerrusen\AppData\Roaming\LimeWire\tables.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\version.xml
c:\users\jillzerrusen\AppData\Roaming\LimeWire\versions.props
c:\users\jillzerrusen\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\jillzerrusen\AppData\Roaming\LimeWire\xml\data\video.sxml3

.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 21:48 . 2010-07-06 21:53 -------- d-----w- c:\users\jillzerrusen\AppData\Local\temp
2010-07-06 21:48 . 2010-07-06 21:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-06 16:58 . 2010-07-06 16:58 -------- d-----w- C:\_OTL
2010-07-06 16:33 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 16:33 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 20:52 . 2010-07-02 20:58 -------- d-----w- c:\programdata\Roxio
2010-07-02 20:52 . 2010-07-02 20:52 -------- d-----w- c:\users\jillzerrusen\AppData\Roaming\Roxio
2010-06-28 08:00 . 2010-04-14 17:54 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-28 08:00 . 2010-04-14 17:54 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-23 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 07:40 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 07:40 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-10 22:12 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 22:12 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 22:11 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-10 22:10 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 21:42 . 2009-07-28 00:16 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2010-07-06 16:33 . 2010-03-13 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 08:01 . 2009-07-28 00:24 -------- d-----w- c:\program files\Microsoft.NET
2010-06-11 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 08:06 . 2009-07-28 00:23 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 12:27 . 2009-07-28 00:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 19:14 . 2009-10-03 17:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-10 22:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 22:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 22:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 22:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-23 13:55 . 2010-05-25 23:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:05 . 2010-06-23 07:40 459776 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-23 07:40 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-23 07:40 541696 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:05 . 2010-06-23 07:40 2153984 ----a-w- c:\windows\AppPatch\AcGenral.dll
2009-07-28 02:33 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-07-06 21:55 56426 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-07-06 21:55 76144 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-08-07 13:36 . 2010-07-06 16:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-07 13:36 . 2010-07-06 21:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-07 13:36 . 2010-07-06 21:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-07 13:36 . 2010-07-06 16:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-07 13:36 . 2010-07-06 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-07 13:36 . 2010-07-06 21:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-01 01:04 . 2010-07-06 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 01:04 . 2010-07-06 21:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 01:04 . 2010-07-06 16:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 01:04 . 2010-07-06 21:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 01:04 . 2010-07-06 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 01:04 . 2010-07-06 21:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-12 20:05 . 2010-07-06 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-12 20:05 . 2010-07-06 16:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-12 20:05 . 2010-07-06 16:50 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-12 20:05 . 2010-07-06 19:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-12 20:05 . 2010-07-06 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-12 20:05 . 2010-07-06 16:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-07 13:40 . 2010-07-06 21:55 8026 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3453701743-709272239-3657356659-1000_UserData.bin
+ 2010-07-06 21:49 . 2010-07-06 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-06 16:50 . 2010-07-06 16:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-06 21:49 . 2010-07-06 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-06 16:50 . 2010-07-06 16:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-13 00:43 . 2010-07-06 21:37 231036 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 10:33 . 2010-07-06 19:11 604502 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-07-06 18:07 604502 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-07-06 18:07 104170 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-07-06 19:11 104170 c:\windows\System32\perfc009.dat
- 2006-11-02 12:47 . 2010-06-11 08:23 352328 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2010-07-06 19:06 352328 c:\windows\System32\FNTCACHE.DAT
+ 2010-01-30 02:37 . 2010-07-06 21:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-01-30 02:37 . 2010-07-06 16:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-04-24 18160]

c:\users\jillzerrusen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-7-27 53248]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-4-9 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-28 00:09 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-03 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-03 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 ARCGIS License Manager;ARCGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [2008-01-11 1372160]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-10-03 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-03 297752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\progra~1\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell Remote Access\ezi_ra.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\System32\wscript.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-06 16:56:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 21:56
ComboFix2.txt 2010-07-06 18:34

Pre-Run: 147,820,462,080 bytes free
Post-Run: 147,603,677,184 bytes free

- - End Of File - - F1F1F2CF70866EF967B0FED4612B6079

jzerrusen

Newbie Surfer

Posts : 8
Joined : 2010-07-07
Operating System : vista


Re: wuauclt.exe is infected

Post by Belahzur on Wed 07 Jul 2010, 11:36 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: wuauclt.exe is infected

Post by jzerrusen on Wed 07 Jul 2010, 3:26 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: wuauclt.exe is infected

Post by Belahzur on Thu 08 Jul 2010, 3:06 am

Hello.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.3

How is the machine running now?



Re: wuauclt.exe is infected

Post by jzerrusen on Thu 08 Jul 2010, 5:10 am

The computer seems to be running fine now. THANKS!!
