wuauclt.exe virus please help OTL log part 1


Post by m00nsh1ne on Thu Jun 16, 2011 4:39 pm

OTL logfile created on: 6/16/2011 1:41:42 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Betsy's Account\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 563.61 Mb Available Physical Memory | 55.51% Memory free
2.39 Gb Paging File | 2.03 Gb Available in Paging File | 85.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.90 Gb Total Space | 162.61 Gb Free Space | 71.98% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.83 Gb Free Space | 26.25% Space Free | Partition Type: FAT32
Drive K: | 298.09 Gb Total Space | 20.39 Gb Free Space | 6.84% Space Free | Partition Type: NTFS

Computer Name: SUEBASEMENT | User Name: Betsy's Account | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 13:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy's Account\Desktop\OTL.com
PRC - [2011/06/04 13:24:45 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2010/07/10 15:09:38 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/08 18:44:00 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/08 18:43:57 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/08 18:43:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/10/13 12:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2003/04/15 10:22:08 | 001,290,302 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems Vpn\SMC\cvpnd.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 13:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy's Account\Desktop\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/08 18:43:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/11/10 22:54:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2004/03/18 20:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/04/15 10:22:08 | 001,290,302 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems Vpn\SMC\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2009/09/08 18:44:00 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/08 18:43:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/22 19:26:49 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/12 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/12 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/03/12 14:25:24 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [2007/02/08 09:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2007/01/04 10:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/09/15 23:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/03/27 05:53:28 | 000,167,808 | R--- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2004/10/13 13:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 06:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 20:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/04/15 10:23:24 | 000,267,333 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDrv.sys -- (CVPNDRV)
DRV - [2002/10/16 14:40:26 | 000,145,800 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/10/04 06:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/08/26 17:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2002/07/25 12:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk504.sys -- (USBCamera)
DRV - [2002/06/18 15:55:56 | 000,516,149 | ---- | M] (Digital Camera.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA504AV.SYS -- (Ca504av)
DRV - [2001/06/04 02:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 09:27:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011/05/11 16:24:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 14:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 12:56:25 | 000,000,000 | ---D | M]

[2009/10/22 14:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy's Account\Application Data\Mozilla\Extensions
[2011/05/31 15:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Betsy's Account\Application Data\Mozilla\Firefox\Profiles\d1eursce.default\extensions
[2010/09/03 12:17:41 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Betsy's Account\Application Data\Mozilla\Firefox\Profiles\d1eursce.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/09/03 12:17:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Betsy's Account\Application Data\Mozilla\Firefox\Profiles\d1eursce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/23 14:18:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Betsy's Account\Application Data\Mozilla\Firefox\Profiles\d1eursce.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/03 12:17:44 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Betsy's Account\Application Data\Mozilla\Firefox\Profiles\d1eursce.default\extensions\personas@christopher.beard
[2011/05/31 15:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/15 20:27:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/11 22:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/18 12:58:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/16 08:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/12/22 09:27:10 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2011/05/11 16:24:38 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/12/28 18:36:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/28 09:14:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/04 17:52:47 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Saint Michael's College VPN Client.lnk - C:\Program Files\Cisco Systems Vpn\SMC\ipsecdialer.exe - (Cisco Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^STK02N 2.0 PNP Monitor.lnk - C:\WINDOWS\STK02N\STK02NM.exe - (Syntek Ltd.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Documents and Settings\Betsy's Account\Start Menu\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AutoTBar - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: HPHmon06 - hkey= - key= - File not found
MsConfig - StartUpReg: HPHUPD06 - hkey= - key= - c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LSBWatcher - hkey= - key= - c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {BAC01377-73DD-4796-854D-2A8997E3D68A} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.MI-SC4 - C:\WINDOWS\System32\mi-sc4.acm (Micronas Intermetall)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.SP50 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP51 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP52 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP53 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\WINDOWS\System32\SP5X_32.DLL (Sunplus)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 13:40:14 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Betsy's Account\Desktop\aswMBR.exe
[2011/06/16 13:38:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betsy's Account\Desktop\OTL.com
[2011/06/16 12:58:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/15 23:07:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/15 23:04:18 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/06/15 19:48:30 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/27 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betsy's Account\Desktop\Unused Desktop Shortcuts
[2006/02/06 21:14:22 | 009,352,392 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_MSN_Messenger.exe
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 13:40:19 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Betsy's Account\Desktop\aswMBR.exe
[2011/06/16 13:38:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betsy's Account\Desktop\OTL.com
[2011/06/16 13:29:16 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3314859084-3167635303-1671339562-1013UA.job
[2011/06/16 13:29:02 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3314859084-3167635303-1671339562-1013Core.job
[2011/06/16 13:02:45 | 077,660,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/16 12:58:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/16 12:56:13 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/16 12:55:54 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 12:55:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 23:15:38 | 000,507,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 23:15:38 | 000,089,970 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 19:48:30 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 19:30:54 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\Betsy's Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/15 19:30:52 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\Betsy's Account\Desktop\Google Chrome.lnk
[2011/06/15 18:45:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/15 18:45:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/06/15 17:39:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/14 12:56:10 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/06/10 15:06:45 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Betsy's Account\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/06/10 15:06:44 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/06/07 19:59:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/06/07 18:36:38 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/07 16:42:50 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/01 13:11:43 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.4.1.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 18:45:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/06/15 18:45:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/06/10 15:06:44 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/06/07 19:38:35 | 1064,685,568 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/01 13:11:43 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.4.1.lnk
[2011/06/01 13:11:42 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.1.lnk
[2010/04/29 20:53:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 20:10:23 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/10/22 14:23:55 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\fusioncache.dat
[2008/04/04 17:52:47 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/04/04 17:52:47 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/04/04 17:52:47 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/04/04 17:52:47 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/04/04 17:52:47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008/02/03 18:43:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/01/24 19:58:53 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat.temp
[2008/01/24 19:58:53 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat.temp
[2008/01/19 08:28:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2008/01/19 08:28:05 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2008/01/19 08:28:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2008/01/19 08:28:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2008/01/19 08:28:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2008/01/19 08:28:05 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw504a.ini
[2008/01/19 08:28:05 | 000,001,906 | ---- | C] () -- C:\WINDOWS\CA504A.INI
[2008/01/19 08:28:05 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\I-dext504.ini
[2008/01/19 08:28:05 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\S-dext504.ini
[2008/01/19 08:28:05 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\F-dext504.ini
[2008/01/19 08:28:05 | 000,000,458 | ---- | C] () -- C:\WINDOWS\System32\P-dext504.ini
[2008/01/19 08:28:05 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\G-dext504.ini
[2008/01/19 08:28:05 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\H-dext504.ini
[2008/01/19 08:28:05 | 000,000,453 | ---- | C] () -- C:\WINDOWS\System32\E-dext504.ini
[2008/01/19 08:28:05 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Setup504.ini
[2008/01/19 08:28:04 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\amcap504.exe
[2007/09/09 17:29:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SWIFTREC.INI
[2007/06/13 18:26:10 | 000,000,039 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/04 11:30:33 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/04 14:07:46 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/04 14:07:32 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/09 13:24:30 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/02 16:15:20 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2006/06/19 21:36:16 | 000,036,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2005/09/24 14:38:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/09/11 18:59:52 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2005/09/08 20:51:08 | 000,122,944 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/09/03 12:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/03 12:53:23 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/09/03 12:53:15 | 000,005,336 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/03/05 13:30:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/05 13:00:53 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/03/05 12:59:22 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/03/05 12:59:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/03/05 12:58:54 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/03/05 12:56:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/05 12:46:00 | 000,086,562 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/03/05 12:44:43 | 000,094,364 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2005/03/05 12:44:43 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2005/03/05 12:39:24 | 000,050,501 | ---- | C] () -- C:\WINDOWS\hpdins03.dat
[2005/03/05 12:39:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2005/03/05 12:36:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/05 12:34:51 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/03/05 12:25:45 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/03/05 12:24:37 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/03/05 12:24:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/03/05 12:24:16 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/29 10:43:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/14 23:52:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/14 23:43:00 | 000,507,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/14 23:43:00 | 000,089,970 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/14 23:41:10 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/14 23:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/14 23:36:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/12 01:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 01:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 01:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 03:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/09/13 12:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 23:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/19 23:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 17:38:02 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/07 07:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2004/01/27 08:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/04/10 19:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2010/01/27 13:48:18 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Betsy's Account\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/16 13:40:19 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Betsy's Account\Desktop\aswMBR.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/28 14:28:09 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/05/28 14:28:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/05/28 14:28:44 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/02/15 17:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\3ivx
[2011/06/07 15:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/07/02 15:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/02/16 13:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2005/03/05 12:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\BackWeb
[2008/01/19 08:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\CamManager
[2008/04/12 15:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/04/12 14:58:02 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2005/09/08 20:51:08 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems Vpn
[2007/06/13 18:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/06/07 17:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/03/05 12:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/08/25 09:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2005/09/03 15:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Internet signup
[2010/02/16 19:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/03/05 12:38:46 | 000,000,000 | ---D | M] -- C:\Program Files\Help and Support Additions
[2005/03/05 12:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/03/05 12:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/06/07 16:53:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/03/05 12:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\IntelliMover Data Transfer Demo
[2005/03/05 12:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2010/04/30 12:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/07 16:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/07/02 15:21:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/12/15 13:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2007/07/02 15:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/05/16 08:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2005/10/13 11:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\K1RFD
[2005/03/05 12:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\Macrovision Corp
[2009/09/18 11:22:03 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/28 18:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2005/09/11 20:11:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/05/09 20:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/03/05 12:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/28 17:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2005/09/11 20:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/03/05 12:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Dancer LE
[2005/03/05 12:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2010/11/28 18:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2005/03/05 12:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/03/05 12:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/11/28 18:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 20:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/31 15:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/04/30 13:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/02/12 19:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/02/16 13:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2005/03/05 12:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2005/03/05 12:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/14 08:33:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/06/07 16:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2006/07/05 21:01:06 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2009/09/18 11:11:39 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/01 18:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Norton SystemWorks
[2005/03/05 12:44:04 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/14 23:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2005/03/05 12:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2007/12/04 04:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
[2009/10/01 19:01:36 | 000,000,000 | ---D | M] -- C:\Program Files\PDF995
[2008/04/04 17:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2007/05/02 17:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/03/05 12:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/04/30 13:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/01 17:12:25 | 000,000,000 | ---D | M] -- C:\Program Files\REFLEX
[2008/04/13 15:00:45 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/10/01 18:43:53 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2008/04/12 15:00:33 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2005/03/05 12:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2005/03/05 12:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic RecordNow!
[2009/03/01 17:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/10/01 19:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\TaxCut07
[2009/10/01 19:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\TaxCut08
[2006/06/03 20:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2007/02/27 09:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2005/03/05 12:45:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/03/05 12:45:45 | 000,000,000 | ---D | M] -- C:\Program Files\Updates from HP
[2005/09/03 15:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/10/01 18:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\WILLPower
[2009/09/18 11:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/09/18 11:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/03/05 12:46:59 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/03/05 12:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/10/09 13:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\XP Codec Pack
[2009/12/20 13:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/18 11:05:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/09/18 11:05:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/18 11:05:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/09/18 11:05:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/09/18 11:05:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/09/18 11:05:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 00:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll


m00nsh1ne
Novice

Posts : 16
Joined : 2009-12-01
Gender : Female
OS : XP
Protection : AVG 8.5


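The four "< MD5 for: ... >" blocks at the end of the log above are the part of an OTL run that matters most when a rootkit is suspected. OTL hashes the copy of each boot-critical file that Windows actually loads (system32 or system32\drivers) and lists it next to the Service Pack cache copy under ServicePackFiles\i386, which is the reference Windows itself restores protected files from. The two should agree, as they do in this log for agp440.sys, atapi.sys, disk.sys and netlogon.dll. The $NtServicePackUninstall$ and ReinstallBackups copies are the pre-SP3 files kept for uninstall and legitimately carry a different hash, so they are not evidence of anything. A driver that has been patched on disk shows up either as a live copy whose hash disagrees with the reference or as a block with no live entry at all. The script below is an added example written for this thread; it is not part of OTL and not the poster's code. It parses that block format and reports anything that disagrees with the reference. The sample text is constructed: the atapi.sys and netlogon.dll lines are copied from the log, while the EXAMPLE.SYS block and both of its hashes are invented so that the check has a mismatch to fire on.

```python
"""Check the '< MD5 for: NAME >' blocks of an OTL log for system files whose
loaded copy does not match the Service Pack reference copy.

Added example for this thread; not part of OTL and not the poster's code.
"""
import re
from collections import defaultdict

# Block header exactly as OTL prints it, e.g. "< MD5 for: ATAPI.SYS >".
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# File lines carry "MD5=<32 hex> -- <path>"; .cab listings have no MD5 and are skipped.
FILE_RE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")


def classify_path(path):
    """Which copy of the file a line describes.

    backup    - pre-service-pack copies kept for uninstall; they legitimately differ
    reference - the SP cache Windows restores protected files from
    live      - the copy actually loaded from system32 or system32\\drivers
    """
    p = path.lower()
    # Checked first: ReinstallBackups lives under system32 and would otherwise look live.
    if "\\$ntservicepackuninstall$\\" in p or "\\reinstallbackups\\" in p:
        return "backup"
    if "\\servicepackfiles\\i386\\" in p:
        return "reference"
    if "\\system32\\" in p:
        return "live"
    return "other"


def parse_md5_blocks(text):
    """Map lower-cased file name -> list of (kind, MD5, path) for each block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            blocks.setdefault(current, [])  # register the block even if no MD5 lines follow
            continue
        if current is None or not line:
            continue
        entry = FILE_RE.search(line)
        if entry:
            path = entry.group("path")
            blocks[current].append((classify_path(path), entry.group("md5").upper(), path))
    return dict(blocks)


def check_drivers(text):
    """Return {name: (status, path)}; status is match, mismatch, no_reference or no_live_copy."""
    results = {}
    for name, entries in parse_md5_blocks(text).items():
        reference = {md5 for kind, md5, _ in entries if kind == "reference"}
        live = [(md5, path) for kind, md5, path in entries if kind == "live"]
        if not live:
            results[name] = ("no_live_copy", None)  # the loaded copy was never hashed
        elif not reference:
            results[name] = ("no_reference", live[0][1])
        else:
            bad = [path for md5, path in live if md5 not in reference]
            results[name] = ("mismatch", bad[0]) if bad else ("match", live[0][1])
    return results


def suspicious(text):
    """File names that need a closer look, sorted for stable output."""
    return sorted(n for n, (status, _) in check_drivers(text).items() if status != "match")


# Constructed sample in OTL's format. The ATAPI.SYS and NETLOGON.DLL lines are taken
# from the log in this thread; EXAMPLE.SYS is hypothetical and both of its hashes are made up.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: EXAMPLE.SYS >
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2011/06/10 03:12:00 | 000,096,512 | ---- | M] () MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for name, (status, path) in sorted(check_drivers(SAMPLE_LOG).items()):
        print(f"{name:14} {status:13} {path or '-'}")
```

Two caveats apply when reading the result. A clean run is only as trustworthy as the file reads behind it: a rootkit that filters disk I/O can hand a user-mode scanner the original bytes of a file it has patched, which is why aswMBR.exe, also present on this Desktop in the created-files list, is the usual companion check, since it reads the MBR and the lower driver stack directly. A mismatch is not proof of infection either: a hotfix released after SP3 can legitimately replace a driver, so compare the flagged file's version, date and digital signature against the reference before acting on it.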
Re: wuauclt.exe virus please help OTL log part 1

Post by m00nsh1ne on Thu Jun 16, 2011 4:40 pm

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-16 17:09:10

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/28 14:28:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/28 14:28:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/28 14:28:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/28 14:28:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/28 14:28:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/28 14:28:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/28 14:28:13 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Betsy's Account\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >


Re: wuauclt.exe virus please help OTL log part 1

Post by m00nsh1ne on Thu Jun 16, 2011 4:40 pm

OTL Extras logfile created on: 6/16/2011 1:41:42 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Betsy's Account\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 563.61 Mb Available Physical Memory | 55.51% Memory free
2.39 Gb Paging File | 2.03 Gb Available in Paging File | 85.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.90 Gb Total Space | 162.61 Gb Free Space | 71.98% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.83 Gb Free Space | 26.25% Space Free | Partition Type: FAT32
Drive K: | 298.09 Gb Total Space | 20.39 Gb Free Space | 6.84% Space Free | Partition Type: NTFS

Computer Name: SUEBASEMENT | User Name: Betsy's Account | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"500:UDP" = 500:UDP:*:Enabled:mikenet
"10000:UDP" = 10000:UDP:*:Enabled:mikenet
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Cisco Systems Vpn\SMC\ipsecdialer.exe" = C:\Program Files\Cisco Systems Vpn\SMC\ipsecdialer.exe:*:Enabled:St. Michael's College VPN Dialer -- (Cisco Systems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37921810-D90B-4DFD-9284-BE35033B39C8}" = Mega Camera Manager
"{3796E3A3-1EE5-40E7-9E82-EE035C94393B}" = Studio 11
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FC46258-0843-4D79-B7F0-F2B82FE6173B}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B41F81C2-71C5-4848-AFBC-5049FC724584}" = PS8100
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.3
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0343A4C-2FFD-4CCB-B0EB-5DE9F0E2A083}" = LS_HSI
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.0
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"7-Zip" = 7-Zip 9.20
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.0.8 Standard
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVG8Uninstall" = AVG Free 8.5
"BackWeb-309731 Uninstaller" = Updates from HP
"Canon CanoScan LiDE 70 User Registration" = Canon CanoScan LiDE 70 User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"D-Fend Reloaded" = D-Fend Reloaded 1.0.3 (deinstall)
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mega Camera" = Mega Camera, WDM Video Capture
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime32" = QuickTime for Windows (32-bit)
"Registry Mechanic_is1" = Registry Mechanic 6.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XP Codec Pack" = XP Codec Pack
"Yahoo! Photos Drag-Drop Uploader 1v6" = Yahoo! Photos Easy Upload Tool 1v6
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2011 9:24:59 AM | Computer Name = SUEBASEMENT | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 6/14/2011 9:29:59 AM | Computer Name = SUEBASEMENT | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 6/14/2011 1:05:20 PM | Computer Name = SUEBASEMENT | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 6/14/2011 1:10:20 PM | Computer Name = SUEBASEMENT | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 6/14/2011 1:15:20 PM | Computer Name = SUEBASEMENT | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 6/14/2011 1:20:20 PM | Computer Name = SUEBASEMENT | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Internet connection not detected.

Error - 6/14/2011 1:53:09 PM | Computer Name = SUEBASEMENT | Source = Application Error | ID = 1000
Description = Faulting application lightroom.exe, version 3.4.1.10, faulting module
ui.dll, version 3.4.1.10, fault address 0x0001ff87.

Error - 6/14/2011 1:53:59 PM | Computer Name = SUEBASEMENT | Source = Application Error | ID = 1001
Description = Fault bucket -1836688126.

Error - 6/15/2011 8:06:08 PM | Computer Name = SUEBASEMENT | Source = Application Hang | ID = 1002
Description = Hanging application Picasa3.exe, version 3.8.117.43, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/16/2011 12:57:37 PM | Computer Name = SUEBASEMENT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2536276).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2535512).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2503665).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2476490).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Cumulative Security Update for Internet Explorer 6 for Windows
XP (KB2530548).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2538243).

Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Windows Malicious Software Removal Tool - June 2011 (KB890830).

Error - 6/16/2011 1:10:11 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft Excel 2002 (KB2541003).

Error - 6/16/2011 1:10:11 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB2518864).


< End of report >

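The OTL Extras log posted above is the kind of output a responder scans by eye: the Windows Firewall exception list (note that 3389/TCP and the two "mikenet" UDP ports are scoped to `*`, i.e. any remote address, while the NetBIOS/SMB ports are LocalSubNet only), the Shell Spawning handlers for executable file classes (a classic hijack point, all stock here), and the Windows Update Agent ID 20 failures, all with the same HRESULT 0x800706ba. The script below is an added example, not part of the thread, of OTL, or of any tool named here; it parses those three sections from excerpts copied out of the log and decodes the HRESULT (facility 7 is FACILITY_WIN32, so the low word 0x06BA is Win32 error 1722, "The RPC server is unavailable"). The table of stock XP handlers is the editor's assumption about default values, not something the log states.

```python
"""Triage helpers for an OTL "Extras" log.

Added example; this is not OTL's own code. It automates three checks a
responder usually does by eye on a log like the one posted above:
  1. Firewall GloballyOpenPorts exceptions whose remote scope is '*'
     (any address) instead of LocalSubNet.
  2. Shell-spawning handlers for executable file classes that differ from
     the (assumed) stock Windows XP commands.
  3. Windows Update Agent failures, with the HRESULT split into facility
     and Win32 error number.
The SAMPLE_* strings are short excerpts copied from the posted log.
"""
import re

SAMPLE_PORTS = """\
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"500:UDP" = 500:UDP:*:Enabled:mikenet
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"""

SAMPLE_SHELL = """\
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
"""

SAMPLE_EVENTS = """\
Error - 6/16/2011 1:09:10 PM | Computer Name = SUEBASEMENT | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows XP (KB2536276).
"""

# Value data is "port:proto:scope:state:name", as OTL prints it.
PORT_RE = re.compile(
    r'^"[^"]+"\s*=\s*(\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$')


def parse_open_ports(text):
    """Return one dict per GloballyOpenPorts line found in the text."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            port, proto, scope, state, name = m.groups()
            ports.append({"port": int(port), "proto": proto, "scope": scope,
                          "enabled": state == "Enabled", "name": name})
    return ports


def wide_open_ports(text):
    """Enabled exceptions reachable from any remote address (scope '*')."""
    return [(p["port"], p["proto"], p["name"])
            for p in parse_open_ports(text)
            if p["enabled"] and p["scope"] == "*"]


# Assumed stock XP handlers for the executable classes OTL lists.
STOCK_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}
SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')


def shell_deviations(text):
    """(class, verb, command) for executable handlers that are not stock."""
    found = []
    for line in text.splitlines():
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        cls, verb, cmd = m.groups()
        expected = STOCK_HANDLERS.get((cls, verb))
        if expected is not None and cmd != expected:
            found.append((cls, verb, cmd))
    return found


def decode_hresult(hr):
    """Split an HRESULT into (severity bit, facility, code); FACILITY_WIN32 is 7."""
    return ((hr >> 31) & 1, (hr >> 16) & 0x7FF, hr & 0xFFFF)


WU_RE = re.compile(r'with error (0x[0-9a-fA-F]{8}):.*?\((KB\d+)\)', re.S)


def wu_failures(text):
    """Windows Update Agent failures: KB number plus decoded error code."""
    out = []
    for m in WU_RE.finditer(text):
        _, facility, code = decode_hresult(int(m.group(1), 16))
        # Facility 7: low word is the Win32 error. 1722 is
        # RPC_S_SERVER_UNAVAILABLE ("The RPC server is unavailable").
        out.append({"kb": m.group(2), "hresult": m.group(1).lower(),
                    "win32": code if facility == 7 else None})
    return out


if __name__ == "__main__":
    print("open to any address:", wide_open_ports(SAMPLE_PORTS))
    print("non-stock handlers: ", shell_deviations(SAMPLE_SHELL))
    print("update failures:    ", wu_failures(SAMPLE_EVENTS))
```

Run against the full log rather than the excerpts, the same functions report every `*`-scoped exception and every ID 20 failure; an RPC-unavailable result on all ten updates at the same second points at the update client's RPC dependency rather than at ten unrelated package faults, which is what a responder would want to reconcile with the wuauclt.exe complaint before reaching for removal tools.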

Re: wuauclt.exe virus please help OTL log part 1

Post by m00nsh1ne on Thu Jun 16, 2011 4:41 pm

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-16 16:30:50
-----------------------------
16:30:50.984 OS Version: Windows 5.1.2600 Service Pack 3
16:30:50.984 Number of processors: 2 586 0x403
16:30:50.984 ComputerName: SUEBASEMENT UserName:
16:30:52.781 Initialize success
16:30:57.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
16:30:57.609 Disk 0 Vendor: WDC_WD2500JD-00HBB0 08.02D08 Size: 238475MB BusType: 3
16:30:59.640 Disk 0 MBR read successfully
16:30:59.640 Disk 0 MBR scan
16:30:59.640 Disk 0 unknown MBR code
16:31:01.640 Disk 0 scanning sectors +488376000
16:31:01.656 Disk 0 scanning C:\WINDOWS\system32\drivers
16:31:10.953 Service scanning
16:31:12.031 Disk 0 trace - called modules:
16:31:12.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
16:31:12.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8bab8]
16:31:12.046 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f50d98]
16:31:12.046 Scan finished successfully
16:31:55.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Betsy's Account\Desktop\MBR.dat"
16:31:55.656 The log file has been saved successfully to "C:\Documents and Settings\Betsy's Account\Desktop\aswMBR.txt"



Re: wuauclt.exe virus please help OTL log part 1

Post by m00nsh1ne on Thu Jun 16, 2011 4:43 pm

Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````


Re: wuauclt.exe virus please help OTL log part 1

Post by Belahzur on Thu Jun 16, 2011 8:08 pm

Hello.

  • Download ComboFix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename ComboFix to Combo-Fix as follows:

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: wuauclt.exe virus please help OTL log part 1

Post by m00nsh1ne on Thu Jun 16, 2011 10:25 pm

I did as you said with the ComboFix download; however, when I try to run it, it tells me that it cannot run if AVG is installed. I did disable the Resident Shield as the directions in the BleepingComputer link specified. I tried to uninstall AVG entirely through Control Panel > Add/Remove Programs, but the uninstall failed due to a registry key error. Is there a way around this?


Re: wuauclt.exe virus please help OTL log part 1

Post by Belahzur on Fri Jun 17, 2011 1:53 pm

Hello.

Download and install [You must be registered and logged in to see this link.]


  • Double-click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and right-click on the program you wish to uninstall
  • From the pop-out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.

Try Combofix now.


Re: wuauclt.exe virus please help OTL log part 1

Post by m00nsh1ne on Sat Jun 18, 2011 10:01 am

I used the uninstall program provided; however, the tray icon is still present (even though when I open AVG from that icon it says it's empty). I deleted ComboFix, downloaded it again and ran it with no windows open, and it still says it cannot run if AVG is installed!
The only thing I can think of that I might have screwed up is that, towards the end, Revo Uninstaller gave me a list of items to check off. I took it as only checking the bold-font items, as that was the only instruction it gave, and I didn't want to check off things that I did not recognize as being AVG. It may be that I should have checked off the entire first list (it was a tree). It took an hour to delete the items that were checked off... Sorry this is so messed up.

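The thread is stuck on step 6 of the ComboFix instructions (the AV must be gone before ComboFix will run) and on the Revo "leftovers" list: a failed uninstall leaves pieces of the product registered in places Add/Remove Programs never shows. The script below is an added example, not part of this thread and not code from ComboFix, Revo or AVG. It reports every place a security product still shows up (processes, services and drivers, the Windows Security Center registration, uninstall and Run keys, vendor folders) without deleting anything. Assumptions: PowerShell 2.0 or later is installed on the affected machine and the script is run from an administrator prompt; the vendor string 'AVG' and the avg8 data folder are guesses based on the AVG 8 paths in the OTL log; the function names Get-VendorLeftovers and New-Finding are mine.

```powershell
# Added example, not part of this thread and not code from ComboFix, Revo or AVG.
# Reports where a product that failed to uninstall (here AVG) is still
# registered, so you can see why a tool still believes the AV is installed.
# Assumptions: PowerShell 2.0+ on the affected machine, run from an
# administrator prompt; the vendor string and the avg8 data folder are
# guesses based on the AVG 8 paths in the OTL log. Report only, deletes nothing.

param([string]$Vendor = 'AVG')

function New-Finding {
    param([string]$Kind, [string]$Where, [string]$Detail)
    # PowerShell 2.0 compatible object construction (no [pscustomobject] accelerator)
    New-Object PSObject -Property @{ Kind = $Kind; Where = $Where; Detail = $Detail }
}

function Get-VendorLeftovers {
    param([string]$Vendor)
    $pattern  = "*$Vendor*"
    $findings = @()

    # 1. Processes still running (the tray icon the poster still sees is one)
    foreach ($p in Get-Process | Where-Object { $_.Name -like $pattern }) {
        $findings += New-Finding 'Process' $p.Id $p.Name
    }

    # 2. Services and kernel drivers. WMI exposes the binary path, so a
    #    component with an unrelated service name is still caught by its path.
    foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
        foreach ($s in Get-WmiObject $class | Where-Object {
                $_.Name -like $pattern -or $_.DisplayName -like $pattern -or $_.PathName -like $pattern }) {
            $findings += New-Finding $class $s.Name ("$($s.State) $($s.PathName)")
        }
    }

    # 3. Windows Security Center registration (XP SP2/SP3 namespace). A stale
    #    entry here makes the OS itself report the AV as installed.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($a in @($av) | Where-Object { $_.displayName -like $pattern }) {
        $findings += New-Finding 'SecurityCenter' $a.displayName "onAccessScanningEnabled=$($a.onAccessScanningEnabled)"
    }

    # 4. Add/Remove Programs entries (what Revo's program list is built from)
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($key in Get-ChildItem $uninstall -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty $key.PSPath
        if ($props.DisplayName -like $pattern -or $props.UninstallString -like $pattern) {
            $findings += New-Finding 'Uninstall' $key.PSChildName ("$($props.DisplayName) | $($props.UninstallString)")
        }
    }

    # 5. Autostart entries pointing at the vendor's binaries
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($rk in $runKeys | Where-Object { Test-Path $_ }) {
        $props = Get-ItemProperty $rk
        foreach ($prop in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            if ("$($prop.Value)" -like $pattern) {
                $findings += New-Finding 'Run' "$rk\$($prop.Name)" $prop.Value
            }
        }
    }

    # 6. Vendor registry hives and folders (the folder names are assumptions)
    $paths = "HKLM:\SOFTWARE\$Vendor", "HKCU:\Software\$Vendor",
             "$env:ProgramFiles\$Vendor",
             "$env:ALLUSERSPROFILE\Application Data\$($Vendor.ToLower())8"
    foreach ($path in $paths | Where-Object { Test-Path $_ }) {
        $findings += New-Finding 'Path' $path 'still present'
    }

    $findings
}

$result = @(Get-VendorLeftovers -Vendor $Vendor)
if ($result.Count -eq 0) {
    "No trace of '$Vendor' found in the places checked."
} else {
    $result | Sort-Object Kind, Where | Format-Table Kind, Where, Detail -AutoSize -Wrap
}
```

Save it as, say, Find-Leftovers.ps1 (an assumed name) and run it from an administrator PowerShell prompt; on a machine that has never run scripts you may first need Set-ExecutionPolicy RemoteSigned. Anything listed under Win32_Service, Win32_SystemDriver or SecurityCenter is the kind of leftover that Add/Remove Programs does not show and that keeps the product "installed" from the OS's point of view; those are the entries to clear with the vendor's own removal tool, if one exists, or by hand, before retrying ComboFix.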

Re: wuauclt.exe virus please help OTL log part 1

Post by Sneakyone on Mon Jun 20, 2011 11:45 pm

Hi,

Please run this: [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.
