
Thread: Persistent wuauclt.exe errors = malware infection?

  1. #11
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    Combofix log from CFScript.txt entry - Thanks!

    ComboFix 09-03-12.01 - Home 2009-03-12 21:52:11.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.216 [GMT -5:00]
    Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Home\Desktop\CFScript.txt
    AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
    .

    2009-03-10 00:11 . 2009-03-10 00:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-10 00:11 . 2009-03-10 00:11 <DIR> d-------- c:\documents and settings\Home\Application Data\Malwarebytes
    2009-03-10 00:11 . 2009-03-10 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-10 00:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 00:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-07 21:06 . 2009-03-07 21:06 <DIR> d-------- c:\documents and settings\Home\Application Data\InstallShield
    2009-03-05 00:53 . 2009-03-05 00:53 <DIR> d-------- c:\program files\CCleaner
    2009-03-05 00:32 . 2009-03-05 00:56 <DIR> d-------- c:\program files\Enigma Software Group
    2009-03-04 23:49 . 2009-03-04 23:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-04 01:55 . 2009-03-04 01:59 <DIR> d-------- c:\program files\Windows Live Safety Center
    2009-02-27 20:05 . 2009-03-01 23:20 <DIR> d-------- c:\documents and settings\Home\Application Data\.purple
    2009-02-27 20:03 . 2009-02-27 20:03 <DIR> d-------- c:\program files\Pidgin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-13 02:44 256 ----a-w c:\documents and settings\Home\pool.bin
    2009-03-11 03:13 --------- d-----w c:\program files\Spybot
    2009-03-11 03:12 --------- d-----w c:\program files\mozilla.org
    2009-03-11 03:11 --------- d-----w c:\program files\Lavasoft
    2009-03-10 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-09 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
    2009-03-09 03:34 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-03-06 03:44 --------- d-----w c:\documents and settings\Home\Application Data\AVG7
    2009-03-05 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-05 05:57 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-28 01:05 --------- d-----w c:\documents and settings\Home\Application Data\.gaim
    2009-02-28 00:55 --------- d-----w c:\program files\Gaim
    2009-02-21 19:11 --------- d-----w c:\documents and settings\Home\Application Data\Canon
    2009-01-23 05:59 --------- d-----w c:\documents and settings\Home\Application Data\OpenOffice.org2
    2005-12-05 17:59 1,615,920 ----a-w c:\program files\Mozilla Firefox.sit
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2007-07-17 1328400]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-06-03 180316]
    "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-07 274432]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-24 590848]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-09 282624]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
    "nwiz"="nwiz.exe" [2003-06-24 c:\windows\system32\nwiz.exe]
    "WLANSTA.EXE"="WLANSTA.EXE" [2002-07-04 c:\windows\system32\WLANSTA.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-08-28 54512]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyDocs"= 01000000
    "NoSMMyPictures"= 01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]
    --a------ 2005-12-16 18:59 107008 c:\program files\eFax Messenger 4.1\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-06-14 15:24 278528 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    -ra------ 2003-06-24 13:32 4800512 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-08-09 12:17 282624 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Messenger"=2 (0x2)
    "iPodService"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
    "c:\\Program Files\\Macromedia\\HomeSite 5\\Homesite5.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Funkitron\\Scrabble\\Scrabble.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
    "c:\\Documents and Settings\\Home\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

    R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2004-05-02 68480]
    S3 G231;G101/G231 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2005-04-02 117248]
    S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys --> c:\windows\system32\DRIVERS\tnet1130x.sys [?]
    S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;c:\windows\system32\drivers\MA401RB.sys [2005-06-01 593920]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
    IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
    IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795}
    IE: {{E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\Adblock Pro\AdblockPro.dll
    TCP: {35459D40-1C1D-4993-B2D8-5E9E24AA64E1} = 68.168.96.130,68.168.96.133
    TCP: {A9C61ABE-41F4-4377-AE7E-ABA36F6AA123} = 68.168.96.130,68.168.96.133
    DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab
    DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - hxxp://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\uonxpt28.default\
    FF - prefs.js: browser.startup.homepage - file:///C:/_maddie/index.html

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-12 21:55:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ??TB???????????????B? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-12 21:59:34
    ComboFix-quarantined-files.txt 2009-03-13 02:58:46
    ComboFix2.txt 2009-03-10 05:06:20
    ComboFix3.txt 2009-03-10 04:45:44

    Pre-Run: 19,364,487,168 bytes free
    Post-Run: 19,362,160,640 bytes free


  2. #12
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    Kaspersky Scan Results

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, March 13, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, March 13, 2009 03:53:16
    Records in database: 1894165
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 71902
    Threat name: 3
    Infected objects: 17
    Suspicious objects: 20
    Duration of the scan: 02:04:22


    File name / Threat name / Threats count
    C:\Documents and Settings\Adam\Application Data\Thunderbird\Profiles\default\o1ey5hu8.slt\Mail\Local Folders\Trash Infected: Exploit.HTML.ObjData 16
    C:\Documents and Settings\Adam\Local Settings\Application Data\Identities\{DF628F52-5A8C-4562-B1AD-6212015CAF24}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Home\Application Data\Thunderbird\Profiles\icpqegos.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 9
    C:\Documents and Settings\Home\Application Data\Thunderbird\Profiles\icpqegos.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 10
    C:\Program Files\Oracle_Toolbar_1.2\oracle.dll Infected: not-a-virus:AdWare.Win32.SearchIt.f 1

    The selected area was scanned.

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


    Check email messages in these locations (using email clients) and delete those that look suspicious to you:
    C:\Documents and Settings\Adam\Application Data\Thunderbird\Profiles\default\o1ey5hu8.slt\Mail\Local Folders\Trash
    C:\Documents and Settings\Adam\Local Settings\Application Data\Identities\{DF628F52-5A8C-4562-B1AD-6212015CAF24}\Microsoft\Outlook Express\Sent Items.dbx
    C:\Documents and Settings\Home\Application Data\Thunderbird\Profiles\icpqegos.default\Mail\Local Folders\Inbox
    C:\Documents and Settings\Home\Application Data\Thunderbird\Profiles\icpqegos.default\Mail\Local Folders\Trash

    Post a fresh dds.txt after that and let me know how the system is running.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    DDS.txt file post-email deletion

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Home at 22:31:58.59 on Fri 03/13/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.216 [GMT -5:00]

    AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLANSTA.EXE
    C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Documents and Settings\Home\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - c:\program files\adblock pro\AdblockPro.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [srmclean] c:\cpqs\scom\srmclean.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [WLANSTA.EXE] WLANSTA.EXE START
    mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
    dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music engine\ymetray.exe
    uPolicies-explorer: NoSMMyDocs = 01000000
    uPolicies-explorer: NoSMMyPictures = 01000000
    IE: &Block This Image (ABP) - c:\program files\adblock pro\blockimg.html
    IE: {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\adblock pro\AdblockPro.dll
    DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - hxxp://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
    TCP: {35459D40-1C1D-4993-B2D8-5E9E24AA64E1} = 68.168.96.130,68.168.96.133
    TCP: {A9C61ABE-41F4-4377-AE7E-ABA36F6AA123} = 68.168.96.130,68.168.96.133

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\uonxpt28.default\
    FF - prefs.js: browser.startup.homepage - file:///C:/_maddie/index.html

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19
    ============= SERVICES / DRIVERS ===============

    R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-5-25 821856]
    R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2005-10-22 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
    R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2006-11-13 10760]
    R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2005-8-10 4960]
    R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2004-5-2 68480]
    S2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-12-9 418816]
    S2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-8-10 49664]
    S2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2005-12-9 406528]
    S3 G231;G101/G231 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2005-4-2 117248]
    S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\drivers\tnet1130x.sys --> c:\windows\system32\drivers\tnet1130x.sys [?]
    S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
    S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;c:\windows\system32\drivers\MA401RB.sys [2005-6-1 593920]

    =============== Created Last 30 ================

    2009-03-10 00:11 <DIR> --d----- c:\docume~1\home\applic~1\Malwarebytes
    2009-03-10 00:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-10 00:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 00:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-10 00:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-09 23:32 <DIR> --d----- C:\cmdcons
    2009-03-09 23:30 161,792 a------- c:\windows\SWREG.exe
    2009-03-09 23:30 98,816 a------- c:\windows\sed.exe
    2009-03-05 00:53 <DIR> --d----- c:\program files\CCleaner
    2009-03-05 00:32 <DIR> --d----- c:\program files\Enigma Software Group
    2009-03-04 23:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-03-03 13:10 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-02-27 20:05 <DIR> --d----- c:\docume~1\home\applic~1\.purple
    2009-02-27 20:03 <DIR> --d----- c:\program files\Pidgin

    ==================== Find3M ====================

    2009-03-12 21:44 256 a------- c:\documents and settings\home\pool.bin
    2005-12-05 12:59 1,615,920 a------- c:\program files\Mozilla Firefox.sit

    ============= FINISH: 22:32:34.95 ===============

  5. #15
    Junior Member
    Join Date
    Mar 2009
    Posts
    10

    System update - still seeing the error

    After the last DDS run, I'm still seeing the error as originally described. I've had to close the wuauclt.exe error twice just in the typing of this message... make it three times.

    Thanks,
    RM

  6. #16
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Click Start >> Run and type: sfc /scannow. Have the Windows CD handy, since you may be asked to insert it.

  7. #17
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
