TechSpot

Windows Vista 32 bit updates not updating

By MysterioMask
May 26, 2011
  1. I have a computer I was given running Windows Vista 32 bit. I tried asking in the mobile computing section but no one was really helping, so asking here. Anyway, I ran some virus scans and removed most of the viruses, but when I go to do Windows updates on it, it fails all the updates and gives me an error: Code 800F0900

    How can I get updates to work again?
     
  2. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Running ComboFix didn't fix the problem.
     
  3. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Ran ComboFix, ran some registry cleaners, ran Malwarebytes, ran SUPERAntiSpyware, ran TDSSKiller, tried installing SP2 manually through a download, tried installing System Readiness through a download, ran Microsoft Fix it, ran ComboFix again, ran chkdsk on startup, tried running all in safe mode. Hit the computer a couple times. So far nothing seems to work. What's the next course of action?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    Note: Scans should be run in Normal Mode if possible, unless told differently.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Get hold of yourself and wait for help. Follow the steps in the thread; nothing else.

    Remove all of the programs below that you ran in an effort to fix the system.
    And please use the Edit feature when you have a short comment to make. Each new post generates an email to the person subscribed.

    And note please, I do not work on abused computers:
     
  5. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Sorry about all of that, it's just that I've been working on this for about a week and have been waiting for someone to respond to one of the posts for quite a while and didn't want it to sink into an unresponded black hole, since apparently this is a common problem online after searching around for it. The problem is so far none of the suggestions I've found online have seemed to work yet, and all I want is for the updates to work properly. And I didn't actually hit it, was just trying to get some kind of attention, cuz it's been a while. But here are the logs starting with malware.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6694

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    5/27/2011 4:04:02 PM
    mbam-log-2011-05-27 (16-04-02).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|)
    Objects scanned: 470449
    Time elapsed: 1 hour(s), 18 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Here is gmer

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-28 14:39:55
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST925042 rev.DE13
    Running: 00i71ybf.exe; Driver: C:\Users\josh\AppData\Local\Temp\pxldypow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x62 ? 8729DCC8
    INT 0x72 ? 8729DCC8
    INT 0x72 ? 8729DCC8
    INT 0x72 ? 8729DCC8
    INT 0x82 ? 8729DCC8
    INT 0x82 ? 8729DCC8
    INT 0x82 ? 8729DCC8
    INT 0x82 ? 8729DCC8
    INT 0xA2 ? 84EF1CC8
    INT 0xB1 ? 84EF0CC8
    INT 0xB1 ? 84EF0CC8
    INT 0xB2 ? 84EF8CC8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text sptd.sys 8B681000 32 Bytes [9E, 0F, 5D, 82, 60, 7F, 5C, ...]
    .text sptd.sys 8B681024 4 Bytes [D2, 03, 7B, 8B] {ROL BYTE [EBX], CL; JNP 0xffffffffffffff8f}
    .text sptd.sys 8B68102C 224 Bytes [12, 8F, 40, 82, C9, CA, 3B, ...]
    .text sptd.sys 8B68110D 199 Bytes [D8, 25, 82, B2, 54, 24, 82, ...]
    .text sptd.sys 8B6811E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50}
    .text ...
    .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B778D38]
    ? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
    PAGE PCIIDEX.SYS!DllUnload 8B86F5C0 5 Bytes JMP 84EF51D8
    PAGE ataport.SYS!DllUnload 8BA13B2E 5 Bytes JMP 84EF11D8
    .text USBPORT.SYS!DllUnload 902F54CB 5 Bytes JMP 8729D1D8

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B682FE0] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8B682574] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B6820C0] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B6831BC] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8B6822A4] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B682362] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8B697312] \SystemRoot\System32\Drivers\sptd.sys

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x37 0x7F 0x86 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x43 0x83 0xE7 0x52 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0A 0x25 0xD9 0x0E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0xAE 0x86 0x11 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2C 0xAB 0x4B 0x58 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0xE4 0xF3 0xB5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x37 0x7F 0x86 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x43 0x83 0xE7 0x52 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0A 0x25 0xD9 0x0E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0xAE 0x86 0x11 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2C 0xAB 0x4B 0x58 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0xE4 0xF3 0xB5 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pl-PL~0.0.0.0@Package_for_KB958481_client_0~31bf38"\0\0\0+Vþÿ\25VþÿjVþÿ\xb0\0\16\0édþ 2
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C643FBD2DBD19046958F0E5ABBA5D98@9D4289C9000937346A5A0D5E4D383149 C:\Program Files\Adobe\Adobe Bridge CS3\resource\adobe_epic\eula\ar_AE\
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8414F1375367893429D89D81A6EC53AE@9D4289C9000937346A5A0D5E4D383149 C:\Program Files\Adobe\Adobe Bridge CS3\resource\adobe_epic\eula\ar_SA\

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- EOF - GMER 1.0.15 ----


    DDS and then attach

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048
    Run by josh at 14:40:11 on 2011-05-28
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2002 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\aestsrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\josh\Desktop\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\1zivtgyd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\users\josh\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\1zivtgyd.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-7 214664]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-7 73728]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-25 1373480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-7 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-7 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-7 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-7 40552]
    S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-10-7 209408]
    .
    =============== Created Last 30 ================
    .
    2072-07-31 21:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll
    2011-05-27 18:21:22 -------- d-----w- c:\users\josh\appdata\local\temp
    2011-05-27 18:20:36 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-27 18:10:24 -------- d-----w- c:\windows\system32\catroot2
    2011-05-27 17:57:43 -------- d-----w- c:\programdata\RegCure
    2011-05-27 16:45:02 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b7d0df0-af02-4088-a6c2-6f41fe6e284d}\mpengine.dll
    2011-05-25 16:37:56 -------- d-----w- C:\2627b3998478df444930d01b3dade3
    2011-05-24 20:31:11 -------- d-----w- C:\bb37e3a82d6d4aa35fb7d511
    2011-05-23 19:40:42 -------- d-----w- c:\program files\common files\Windows Live
    2011-05-23 19:38:36 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-05-23 19:35:14 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-05-22 15:04:21 98816 ----a-w- c:\windows\sed.exe
    2011-05-22 15:04:21 89088 ----a-w- c:\windows\MBR.exe
    2011-05-22 15:04:21 256512 ----a-w- c:\windows\PEV.exe
    2011-05-22 15:04:21 161792 ----a-w- c:\windows\SWREG.exe
    2011-05-14 20:03:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-12 21:59:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    .
    ==================== Find3M ====================
    .
    2011-04-12 23:52:02 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-04-09 22:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
    2011-04-09 22:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    .
    ============= FINISH: 14:40:35.19 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/7/2008 5:56:23 AM
    System Uptime: 5/28/2011 11:52:25 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0D501F
    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 36.856 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.044 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
    Description: Serial Cable using IrDA Protocol
    Device ID: ROOT\INFRARED\0000
    Manufacturer: (Standard Infrared Port)
    Name: Serial Cable using IrDA Protocol
    PNP Device ID: ROOT\INFRARED\0000
    Service: irsir
    .
    Class GUID: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
    Description: Serial Cable using IrDA Protocol
    Device ID: ROOT\INFRARED\0001
    Manufacturer: (Standard Infrared Port)
    Name: Serial Cable using IrDA Protocol #2
    PNP Device ID: ROOT\INFRARED\0001
    Service: irsir
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: ADS Instant HDTV PCI
    Device ID: ROOT\MEDIA\0000
    Manufacturer: ADS Technologies
    Name: ADS Instant HDTV PCI
    PNP Device ID: ROOT\MEDIA\0000
    Service: Ph3xIB32
    .
    ==== System Restore Points ===================
    .
    RP867: 5/26/2011 9:20:39 PM - Windows Update
    RP868: 5/27/2011 11:52:13 AM - Installed Microsoft Fix it 50202
    RP869: 5/27/2011 12:18:02 PM - Windows Update
    RP870: 5/27/2011 12:44:51 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Production Premium
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Template Projects & Footage
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Production Premium
    Adobe CS4 American English Speech Analysis Models
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dynamiclink Support
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe Encore CS3 Library
    Adobe Encore CS4
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS3
    Adobe Extension Manager CS4
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Glyphlet Creation Tool CS3
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe OnLocation CS3
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Reader 9.1.1
    Adobe Setup
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Soundbooth CS3 Scores
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Ultra CS3
    Adobe Ultra CS3 - MSL Legacy Support
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AHV content for Acrobat and Flash
    Akamai NetSession Interface
    Amazon MP3 Downloader 1.0.10
    Anime Studio Debut 6.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Area 51(R)
    ASIO4ALL
    AutoUpdate
    Beat Hazard
    Bonjour
    Browser Address Error Redirector
    Canon PhotoRecord
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RAW Image Converter
    Canon Utilities RemoteCapture 2.1
    Canon Utilities ZoomBrowser EX
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Complete Care Business Service Agreement
    Corel Painter Essentials 4
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    EDocs
    EP Budgeting
    EP Scheduling
    Fingerprint Reader Suite 5.6
    FL Studio 8
    free-downloads.net Toolbar
    G-Force
    GameSpy Arcade
    GoToAssist 8.0.0.514
    Halo 2 for Windows Vista
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IL Download Manager
    Inkscape 0.46
    Intel(R) Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 5
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Magic Bullet Colorista
    Magic Bullet Looks
    Magic Bullet Looks Vegas
    Magic Bullet Mojo
    Magic Bullet Mojo Vegas
    Malwarebytes' Anti-Malware
    MediaDirect
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Halo
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Morrowind
    Movie Magic Screenwriter 6
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    NVIDIA Drivers
    Oblivion
    OutlookAddinSetup
    Painkiller
    Pando Media Booster
    PDF Settings
    Photoshop Camera Raw
    PoiZone
    Poser Pro
    QualXServ Service Agreement
    QuickSet
    QuickTime
    Real Alternative 1.60
    RegCure
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spelling Dictionaries Support For Adobe Reader 9
    Star Wars Battlefront
    Star Wars Battlefront II
    Star Wars Republic Commando
    Suite Shared Configuration CS4
    TES Construction Set
    Toxic Biohazard
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Vegas Pro 9.0
    VLC media player 0.9.4
    VoiceOver Kit
    Wacom Tablet
    WhiteCap
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Writer
    Windows Mobile Device Updater Component
    WinRAR 4.00 (32-bit)
    Xfire (remove only)
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry for delay! As you may have noticed, this forum is a very busy place.
    Questions:
    1. Regarding the failed updates:
    If there is a failed update (that is, one that didn't install correctly), you won't be able to get more updates unless the failed update is removed.

    2. I note these restore points:
    Did you set these in anticipation of an update?
    There are some current security updates on the system. If you are having a problem with a particular update, it would help if I knew the update number.

    3. Java is way out of date (v6u5). The current is v6u25. The older program is a vulnerability on the system and should be uninstalled. Then update from here: Java Updates

    4. Malware on a system can cause updates to fail, but so can a problem with the Microsoft Download site. I'd like you to run the following scans to see if they pick anything up. There are questions in GMER and a few processes I will recommend you remove. But so far I am not seeing a cause for failed updates. programs I will
    ======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  7. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Esetscan log:

    C:\Program Files\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application


    Combofix log:

    ComboFix 11-05-31.01 - josh 05/31/2011 23:45:07.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2010 [GMT -4:00]
    Running from: c:\users\josh\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
    .
    .
    2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
    2011-06-01 03:52 . 2011-06-01 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-31 20:39 . 2011-05-31 20:39 -------- d-----w- c:\program files\ESET
    2011-05-31 19:25 . 2011-05-31 19:25 -------- d-----w- c:\program files\Common Files\Java
    2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\users\josh\AppData\Local\LogMeIn
    2011-05-29 03:14 . 2011-03-01 16:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2011-05-29 03:14 . 2011-03-01 16:12 29568 ----a-w- c:\windows\system32\LMIport.dll
    2011-05-29 03:14 . 2011-03-01 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-05-29 03:14 . 2010-09-17 19:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2011-05-29 03:14 . 2011-03-01 16:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-05-29 03:14 . 2011-05-31 04:22 -------- d-----w- c:\programdata\LogMeIn
    2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\program files\LogMeIn
    2011-05-29 01:03 . 2011-05-29 01:03 -------- d-----w- c:\users\josh\AppData\Roaming\Avira
    2011-05-29 01:01 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-29 01:01 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\programdata\Avira
    2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\program files\Avira
    2011-05-27 18:21 . 2011-06-01 03:52 -------- d-----w- c:\users\josh\AppData\Local\temp
    2011-05-27 18:10 . 2011-05-27 18:15 -------- d-----w- c:\windows\system32\catroot2
    2011-05-27 17:57 . 2011-05-27 18:03 -------- d-----w- c:\programdata\RegCure
    2011-05-27 17:57 . 2011-05-27 18:01 -------- d-----w- c:\program files\RegCure
    2011-05-27 16:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B7D0DF0-AF02-4088-A6C2-6F41FE6E284D}\mpengine.dll
    2011-05-25 16:37 . 2011-05-25 16:42 -------- d-----w- C:\2627b3998478df444930d01b3dade3
    2011-05-24 20:31 . 2011-05-24 20:31 -------- d-----w- C:\bb37e3a82d6d4aa35fb7d511
    2011-05-23 19:40 . 2011-05-23 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-05-23 19:38 . 2011-05-23 19:38 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-05-23 19:35 . 2011-05-23 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-05-23 19:34 . 2011-05-23 19:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-05-14 20:03 . 2011-05-14 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-12 21:59 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-12 23:52 . 2010-01-28 03:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
    2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-05-03 06:35 . 2011-03-25 04:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2009-12-31 15:53 2349080 ----a-w- c:\program files\free-downloads.net\tbfree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-28 3088520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-10-07 15:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-12 436792]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-31 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-05-27 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-31 23:52
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,f5,18,a8,17,cf,a7,43,80,ba,f7,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,f5,18,a8,17,cf,a7,43,80,ba,f7,\
    .
    [HKEY_USERS\S-1-5-21-3721818986-1728719574-3548816263-1000\¬ î**]
    @Allowed: (Read) (RestrictedCode)
    "MachineID"=hex:4f,43,4b,43,1e,eb,5f,00
    DUMPHIVE0.003 (REGF)
    .
    Completion time: 2011-05-31 23:53:49
    ComboFix-quarantined-files.txt 2011-06-01 03:53
    ComboFix2.txt 2011-05-27 18:21
    ComboFix3.txt 2011-05-22 16:07
    ComboFix4.txt 2011-05-22 15:50
    ComboFix5.txt 2011-06-01 03:44
    .
    Pre-Run: 39,974,064,128 bytes free
    Post-Run: 39,939,387,392 bytes free
    .
    - - End Of File - - C5D5A2E173B080F26CE7C7109924210F
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\programdata\RegCure
    C:\2627b3998478df444930d01b3dade3
    C:\bb37e3a82d6d4aa35fb7d511
    DDS::
    uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    =================================================
    Advise uninstall RegCure: We do not recommend anyone using a Registry cleaner.
    Then stop these Scheduled Tasks>> RegCure Program Check x2
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks by clicking on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete. (For RegCure )
    • To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.


    Maintenance Scheduled Tasks such as defrag are in a separate category.
    =====================================
    Did you run the Eset Scan?
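
One way to confirm from a ComboFix log that every target named in the CFScript above was actually removed; this is an added example, not part of the original thread and not ComboFix's own code. It assumes only the layout visible in the posted script and logs (directive lines ending in `::`, banner lines of repeated parentheses or dashes); the sample strings are trimmed excerpts of those posts and the function names are hypothetical.

```python
import re

# Banner lines such as "((((( Other Deletions )))))" or "------- Supplementary Scan -------".
BANNER = re.compile(r"^(?:\({5,}|-{5,})\s*(.+?)\s*(?:\){5,}|-{5,})$")
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Trimmed excerpt of the CFScript posted in this thread.
CFSCRIPT = r"""
File::
Folder::
c:\programdata\RegCure
C:\2627b3998478df444930d01b3dade3
C:\bb37e3a82d6d4aa35fb7d511
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"""

# Trimmed excerpt of the log taken before the script was run.
PRE_LOG = r"""
((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))
.
2011-05-27 17:57 . 2011-05-27 18:03 -------- d-----w- c:\programdata\RegCure
2011-05-25 16:37 . 2011-05-25 16:42 -------- d-----w- C:\2627b3998478df444930d01b3dade3
2011-05-24 20:31 . 2011-05-24 20:31 -------- d-----w- C:\bb37e3a82d6d4aa35fb7d511
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
"""

# Trimmed excerpt of the log produced by the scripted run.
POST_LOG = r"""
((((((((((((( Other Deletions )))))))))))))
.
C:\2627b3998478df444930d01b3dade3
C:\bb37e3a82d6d4aa35fb7d511
c:\program files\free-downloads.net\tbfree.dll
c:\programdata\RegCure
c:\programdata\RegCure\multipledetection.dat
.
((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))
.
2011-05-31 20:39 . 2011-05-31 20:39 -------- d-----w- c:\program files\ESET
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"""


def parse_cfscript(text):
    """Group the script's lines under the 'Name::' directive they follow."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, [])
        elif line and current:
            blocks[current].append(line)
    return blocks


def script_targets(blocks):
    """Return (paths under File::/Folder::, CLSIDs whose values are deleted with '=-')."""
    paths = blocks.get("File", []) + blocks.get("Folder", [])
    clsids = {c.lower() for line in blocks.get("Registry", [])
              if line.endswith("=-") for c in CLSID.findall(line)}
    return paths, sorted(clsids)


def split_sections(log):
    """Map each banner title to the non-empty lines beneath it ('.' filler dropped)."""
    sections, title = {"": []}, ""
    for line in (raw.strip() for raw in log.splitlines()):
        m = BANNER.match(line)
        if m:
            title = m.group(1)
            sections.setdefault(title, [])
        elif line and line != ".":
            sections[title].append(line)
    return sections


def verify(script_text, log_text):
    """Report, per script target, whether the log shows it deleted or still present."""
    paths, clsids = script_targets(parse_cfscript(script_text))
    sections = split_sections(log_text)
    deleted = {l.lower() for l in sections.get("Other Deletions", [])}
    remaining = [l.lower() for t, ls in sections.items()
                 if t != "Other Deletions" for l in ls]
    report = {}
    for p in paths:
        if any(p.lower() in l for l in remaining):
            report[p] = "still listed"
        else:
            report[p] = "deleted" if p.lower() in deleted else "not mentioned"
    for c in clsids:
        report[c] = "still listed" if any(c in l for l in remaining) else "gone"
    return report


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, POST_LOG).items():
        print(f"{status:14} {target}")
```

Any target reported as "still listed" or "not mentioned" is worth raising with the helper before further cleanup steps.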
     
  9. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Here's the combofix log

    ComboFix 11-06-03.04 - josh 06/03/2011 17:09:50.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2228 [GMT -4:00]
    Running from: c:\users\josh\Desktop\ComboFix.exe
    Command switches used :: c:\users\josh\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\2627b3998478df444930d01b3dade3
    C:\bb37e3a82d6d4aa35fb7d511
    c:\bb37e3a82d6d4aa35fb7d511\$shtdwn$.req
    c:\bb37e3a82d6d4aa35fb7d511\checksur.exe
    c:\bb37e3a82d6d4aa35fb7d511\checksurlauncher.exe
    c:\program files\dell\bae\BAE.dll
    c:\program files\free-downloads.net\tbfree.dll
    c:\programdata\RegCure
    c:\programdata\RegCure\multipledetection.dat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
    .
    .
    2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
    2011-06-03 21:16 . 2011-06-03 21:16 -------- d-----w- c:\users\josh\AppData\Local\temp
    2011-06-03 21:16 . 2011-06-03 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-31 20:39 . 2011-05-31 20:39 -------- d-----w- c:\program files\ESET
    2011-05-31 19:25 . 2011-05-31 19:25 -------- d-----w- c:\program files\Common Files\Java
    2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\users\josh\AppData\Local\LogMeIn
    2011-05-29 03:14 . 2011-03-01 16:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2011-05-29 03:14 . 2011-03-01 16:12 29568 ----a-w- c:\windows\system32\LMIport.dll
    2011-05-29 03:14 . 2011-03-01 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-05-29 03:14 . 2010-09-17 19:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2011-05-29 03:14 . 2011-03-01 16:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-05-29 03:14 . 2011-06-03 04:34 -------- d-----w- c:\programdata\LogMeIn
    2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\program files\LogMeIn
    2011-05-29 01:03 . 2011-05-29 01:03 -------- d-----w- c:\users\josh\AppData\Roaming\Avira
    2011-05-29 01:01 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-05-29 01:01 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\programdata\Avira
    2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\program files\Avira
    2011-05-27 18:10 . 2011-06-03 20:53 -------- d-----w- c:\windows\system32\catroot2
    2011-05-27 16:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B7D0DF0-AF02-4088-A6C2-6F41FE6E284D}\mpengine.dll
    2011-05-23 19:40 . 2011-05-23 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-05-23 19:38 . 2011-05-23 19:38 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-05-23 19:35 . 2011-05-23 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-05-23 19:34 . 2011-05-23 19:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-05-14 20:03 . 2011-05-14 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-12 21:59 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-12 23:52 . 2010-01-28 03:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
    2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
    2011-05-03 06:35 . 2011-03-25 04:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-28 3088520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-10-07 15:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-12 436792]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-03 17:16
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3721818986-1728719574-3548816263-1000\¬ î**]
    @Allowed: (Read) (RestrictedCode)
    "MachineID"=hex:4f,43,4b,43,1e,eb,5f,00
    DUMPHIVE0.003 (REGF)
    .
    Completion time: 2011-06-03 17:17:54
    ComboFix-quarantined-files.txt 2011-06-03 21:17
    ComboFix2.txt 2011-06-01 03:53
    ComboFix3.txt 2011-05-27 18:21
    ComboFix4.txt 2011-05-22 16:07
    ComboFix5.txt 2011-06-03 21:06
    .
    Pre-Run: 29,345,411,072 bytes free
    Post-Run: 29,325,283,328 bytes free
    .
    - - End Of File - - B668CAF3DADD2913E5932B48B2BADD69







    I got an error when I opened Task Scheduler; it read like this:


    The task image is corrupt or has been tampered with.mcupdate


    As for running ESET, yes, I did run it. I listed its printout in the first line; it only found 1 thing.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry for the delay - we are swamped! I missed that one line from Eset - best to include the entire log.


    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Program Files\DAEMON Tools Lite\uninst.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below and paste them in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Do you plan to continue?
     
     
  12. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Yes, I wish to continue. Sorry, very busy the last few days; haven't had time to work on it.

    Here's the OTMoveIt log

    All processes killed
    ========== FILES ==========
    C:\Program Files\DAEMON Tools Lite\uninst.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 328041 bytes
    ->Flash cache emptied: 593 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: josh
    ->Temp folder emptied: 9373293 bytes
    ->Temporary Internet Files folder emptied: 210888334 bytes
    ->Java cache emptied: 112268 bytes
    ->FireFox cache emptied: 55068533 bytes
    ->Flash cache emptied: 105531 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1264 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 48603 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13167062 bytes
    RecycleBin emptied: 1035943 bytes

    Total Files Cleaned = 277.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 06102011_172031

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    ----------------------
    Here is the OTL log

    =============

    OTL logfile created on: 6/10/2011 5:30:09 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\josh\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 65.76% Memory free
    7.18 Gb Paging File | 6.08 Gb Available in Paging File | 84.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.29 Gb Total Space | 18.36 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
    Drive E: | 3.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JOSH-PC | User Name: josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
    PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
    PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\PSIService.exe ()
    PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
    PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll ()
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
    DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
    DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys ()
    DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
    DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
    DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
    DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 02:35:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 15:24:26 | 000,000,000 | ---D | M]

    [2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions
    [2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/05/25 18:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions
    [2011/03/20 21:21:33 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/03/20 21:21:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/20 21:21:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/13 01:26:50 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
    [2011/04/13 01:26:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\engine@conduit.com
    [2011/03/25 01:55:25 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\piclens@cooliris.com
    [2011/03/21 16:07:24 | 000,000,939 | ---- | M] () -- C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\searchplugins\conduit.xml
    [2011/05/31 15:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/31 15:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1ZIVTGYD.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
    [2011/05/03 02:35:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/31 15:24:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/06/03 17:16:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - Startup: C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/02 15:21:51 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/10 17:27:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
    [2011/06/10 17:20:31 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/06/10 17:19:10 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
    [2011/06/03 17:17:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\temp
    [2011/06/03 17:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/05/31 23:42:08 | 004,111,831 | R--- | C] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
    [2011/05/31 16:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/05/29 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\fixing stuff
    [2011/05/28 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\LogMeIn
    [2011/05/28 23:14:38 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
    [2011/05/28 23:14:37 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
    [2011/05/28 23:14:37 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
    [2011/05/28 23:14:34 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
    [2011/05/28 23:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
    [2011/05/28 23:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
    [2011/05/28 21:03:11 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Avira
    [2011/05/28 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/05/28 21:01:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/05/28 21:01:24 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/05/28 21:01:24 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/27 14:10:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2011/05/23 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2011/05/23 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2011/05/23 15:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2011/05/23 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/05/23 15:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/05/22 11:04:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/22 11:04:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/22 11:04:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/22 11:04:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/22 11:04:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/12 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\Other

    ========== Files - Modified Within 30 Days ==========

    [2011/06/10 17:32:05 | 000,621,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/10 17:32:05 | 000,112,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/10 17:27:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
    [2011/06/10 17:24:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/10 17:24:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/10 17:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/10 17:24:15 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/10 17:19:12 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
    [2011/06/10 03:15:38 | 000,007,916 | ---- | M] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
    [2011/06/05 23:36:57 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
    [2011/06/03 17:16:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/03 17:06:34 | 004,111,831 | R--- | M] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
    [2011/05/31 23:41:29 | 000,102,957 | ---- | M] () -- C:\Users\josh\Desktop\1.jpg
    [2011/05/30 18:47:21 | 381,386,495 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/29 13:02:03 | 000,000,116 | ---- | M] () -- C:\Users\josh\Adobe Encore_AME.pref
    [2011/05/28 23:14:31 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/05/27 14:00:25 | 000,000,701 | ---- | M] () -- C:\Users\josh\Documents\cast and crew in progress.lnk
    [2011/05/23 15:05:48 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/05/22 10:59:59 | 000,003,008 | -HS- | M] () -- C:\Users\josh\AppData\Local\q627c3m4061358n50t62
    [2011/05/22 10:59:59 | 000,003,008 | -HS- | M] () -- C:\ProgramData\q627c3m4061358n50t62
    [2011/05/14 16:21:45 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat

    ========== Files Created - No Company Name ==========

    [2011/06/03 13:10:47 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
    [2011/05/31 23:41:29 | 000,102,957 | ---- | C] () -- C:\Users\josh\Desktop\1.jpg
    [2011/05/28 23:14:30 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2011/05/28 23:14:18 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
    [2011/05/27 12:11:53 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/22 11:04:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/22 11:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/22 11:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/22 11:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/22 11:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\Users\josh\AppData\Local\q627c3m4061358n50t62
    [2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\ProgramData\q627c3m4061358n50t62
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/11/29 13:00:38 | 000,000,092 | ---- | C] () -- C:\Users\josh\AppData\Local\fusioncache.dat
    [2010/02/11 08:51:52 | 000,023,580 | ---- | C] () -- C:\Users\josh\AppData\Roaming\UserTile.png
    [2009/11/16 15:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
    [2009/10/27 08:58:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/07/21 21:50:00 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
    [2009/06/06 18:59:53 | 000,007,916 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
    [2008/12/02 00:41:36 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/12/01 11:58:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/10/20 03:04:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/10/20 03:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/17 13:42:31 | 000,164,352 | ---- | C] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/17 13:22:50 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008/10/17 12:16:03 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll
    [2008/10/07 13:49:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/10/07 13:49:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/10/07 11:18:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/10/07 11:18:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/10/07 11:11:46 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
    [2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/01/20 22:24:21 | 000,027,648 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys
    [2008/01/20 22:24:18 | 000,014,336 | ---- | C] () -- C:\Windows\System32\cmstplua.dll
    [2008/01/20 22:23:54 | 000,076,288 | ---- | C] () -- C:\Windows\System32\adsmsext.dll
    [2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 002,501,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,621,554 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,112,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:43:43 | 000,013,824 | ---- | C] () -- C:\Windows\System32\cmdkey.exe
    [2006/11/02 04:32:08 | 000,015,360 | ---- | C] () -- C:\Windows\System32\doskey.exe
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/04/18 16:29:26 | 000,082,432 | ---- | C] () -- C:\Windows\System32\msxml4r.dll

    ========== LOP Check ==========

    [2010/06/27 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Amazon
    [2010/12/30 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Beat Hazard
    [2010/01/27 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\DAEMON Tools
    [2009/09/10 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\gtk-2.0
    [2008/11/14 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Inkscape
    [2009/09/05 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Lost Marble
    [2008/10/17 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Movie Magic Screenwriter
    [2009/03/23 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\ourTunes
    [2008/12/02 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PACE Anti-Piracy
    [2010/02/11 08:51:52 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PeerNetworking
    [2010/01/28 01:52:57 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Poser Pro
    [2010/01/24 00:15:07 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Publish Providers
    [2010/01/26 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Sony
    [2009/07/17 09:43:31 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\SoundSpectrum
    [2011/06/10 17:22:04 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
    [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
    [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download.bak\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download.bak\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
    [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download.bak\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download.bak\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
    [2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1385 bytes -> C:\ProgramData\Microsoft:vlmDufhypW8pYUHwUTmLtlsN
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
    @Alternate Data Stream - 1212 bytes -> C:\ProgramData\Microsoft:ja7CkiHfxPKrVZzL9bHoLtIp

    < End of report >
     
  13. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Here is the extras log:


    OTL Extras logfile created on: 6/10/2011 5:30:09 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\josh\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 65.76% Memory free
    7.18 Gb Paging File | 6.08 Gb Available in Paging File | 84.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.29 Gb Total Space | 18.36 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
    Drive E: | 3.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JOSH-PC | User Name: josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13C6024D-455E-4B85-B406-5300084A4718}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{248A3154-B21D-440C-AE99-04E57CF20E45}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{2499FE66-DBE6-47AB-AA49-B1E72BFCD02B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2EC7CFAA-D322-4262-9D04-630343D7B005}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{350E17DC-5ED9-4333-8701-411CAC2C5C11}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
    "{4ECB3D9F-DB88-4DE0-9E76-05486AAC2385}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5132C057-BFDC-4E83-9489-96767EF9575B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5260BAE9-E3CC-4CAF-9593-69E9422CD36D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{57196514-9168-4741-A1FD-CE5BD2CB15F5}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
    "{7486727C-2E75-4E60-8A50-759D1AE63FAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{77A22001-DACD-463E-80C4-067FC3C058F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8866D89C-B67E-46E4-803C-1B00A19AF6C4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9AC61D9A-6946-4E5E-96D6-F7ED6AC0FC1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A55F99DA-7DDF-4091-A1F7-BC9DE8A5033B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B74C11B0-0B88-4928-A576-CF9313F706CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C2D3B1E2-7BFC-4D8D-A2A9-F81887B24062}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05F1F534-88DE-489E-B590-AF3E40469636}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
    "{0B1AC15E-564E-4224-A93F-2ACE81EA2900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0CA2FACB-2AC9-4D94-AFE9-C1DA3E8FDAB1}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
    "{14185132-A70A-430F-995F-3EC72A6B60A9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{1A44C788-2F7A-40A6-AE3B-7F9908A2A8D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1C91E051-A85A-4879-BF7E-2507BB75B99A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{2951A9F9-633F-4438-91C1-C30DCAA031F9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{3AA70518-C5E1-4A19-8F64-2E5C4DAB6F8A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{40FF9325-932D-4B6B-8A2F-744A113FE542}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{424C80FC-8FA7-4FB0-AF03-8CEBA856A50E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{430A2693-09D6-4A60-B7C2-2AFBDDFE02FF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{44B13639-55B2-4923-BF08-5B21FC37FF9A}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{4F7689BC-38A7-4C09-B1A6-719580129EB4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{5012A21C-FB37-48B7-95B1-AE058C64039A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{5340ADCA-64AE-4BC7-BB90-E338148B06A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5EE944B0-EABB-4898-8418-C6503BE5C204}" = protocol=6 | dir=out | app=system |
    "{61493B37-5B89-4AAD-8B4D-624B82AD97B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard demo\beathazarddemo.exe |
    "{72126E8E-D3F8-4480-B1AB-795774036D47}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{72B5FE5B-C035-4F35-A687-CD3D5A67801B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{8139B077-AA32-4D37-A683-8A463D51A4B8}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
    "{8C14746B-700E-4998-A1A6-1FFE76EF5B11}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{91A5A9E1-0423-4C4C-916D-6B9D15BDCC4B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
    "{956FDB2A-22AB-4D77-90D4-8428580B8A84}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
    "{9C8D551D-86BB-493B-9EED-1587557448E3}" = protocol=6 | dir=out | app=system |
    "{9D9C5395-6D44-45C1-9BD1-D7E6B83A88B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A6E26FEE-71AB-4548-81B0-61B8FE64E8C3}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
    "{AAA39129-39F6-4368-B36B-3D2B812189E4}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{B8A81FA7-DA43-4869-9F5D-DF07309173F5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
    "{BB1632B2-1D83-4472-93DF-6FBF3FC30FC6}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
    "{BE6F3EAB-047F-41C1-8579-052B1C1170C6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{CAA0B997-CCE1-4EE4-8FE6-775EB56B7934}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard demo\beathazarddemo.exe |
    "{D99DCE36-73AA-4028-9105-B065517BB2A3}" = protocol=17 | dir=in | app=c:\users\josh\appdata\local\temp\7zsa44a.tmp\symnrt.exe |
    "{D9F08544-C3DF-4A4E-BB28-F92987D225EE}" = protocol=6 | dir=in | app=c:\users\josh\appdata\local\temp\7zsa44a.tmp\symnrt.exe |
    "{E2AD3133-3DF7-4DBE-91A4-DDD2B0021FA5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{E40A0474-D3F2-4204-9F0A-B0C41E9A25AE}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{F9495414-9F09-4168-8369-F60F52C618EF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{1CE54465-258C-4446-83DF-F5104824820D}C:\program files\midway games\area 51\a51.exe" = protocol=6 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
    "TCP Query User{5F61F8DF-ACF8-4562-B12E-A596E7E596C9}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{71A86A88-F28F-488C-B36E-FB3B453F1439}C:\program files\smith micro\poser pro\poserpro.exe" = protocol=6 | dir=in | app=c:\program files\smith micro\poser pro\poserpro.exe |
    "TCP Query User{78F08D15-3CC1-41AC-B9DE-B4468C9A3975}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
    "TCP Query User{8BFF02AF-1967-4F03-8519-046BF888FE81}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "TCP Query User{ADE802F2-F29C-43DB-AA94-F7A65BD778BF}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
    "TCP Query User{BB48873D-AA50-414B-BC24-4A5B98903669}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "TCP Query User{BF93FAEB-7957-4634-9AF9-9B5CE8D80722}C:\program files\midway games\area 51\a51.exe" = protocol=6 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
    "TCP Query User{C8A84619-EAD6-454F-874D-FE475CF91527}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
    "TCP Query User{CFA0873E-F5DD-4962-8A7F-E62147969A73}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
    "TCP Query User{D62790A3-418D-48EA-AB3E-6A055CC3F160}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
    "TCP Query User{D77525C0-2312-4F0E-BA4E-B97C6071E61E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{1B690AA3-802B-4EE4-90B3-D16AAEE48D1A}C:\program files\midway games\area 51\a51.exe" = protocol=17 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
    "UDP Query User{21B700CF-C5E7-404A-B781-C479B534B8E7}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
    "UDP Query User{27BD6A1E-1309-4E1F-B36C-25D21955BC65}C:\program files\midway games\area 51\a51.exe" = protocol=17 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
    "UDP Query User{556C1BCA-0918-4A20-8473-67DBC1904F14}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "UDP Query User{59C48D6F-ACE5-49AD-AB2D-034239A9F6E0}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
    "UDP Query User{7096F81E-4DA1-4463-A2A1-9CC510A146EB}C:\program files\smith micro\poser pro\poserpro.exe" = protocol=17 | dir=in | app=c:\program files\smith micro\poser pro\poserpro.exe |
    "UDP Query User{863AE11F-CA7E-4095-994D-2072A7260D5F}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
    "UDP Query User{8B4479E2-2B6E-4021-BB2C-86741DCCC821}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{C09EE683-9F4E-48F4-A4BE-E1B0CEF0DEF7}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
    "UDP Query User{DBA24CEA-EA06-40F4-A2FD-A7C9A3EA181F}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
    "UDP Query User{EC310036-7BE6-4AFB-A7F2-82613A6F7D52}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
    "UDP Query User{ED52B47B-57AF-427B-B660-2892FA57D7F1}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{243DA072-8E39-424A-86A3-F63152021383}" = Adobe Glyphlet Creation Tool CS3
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
    "{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}" = Adobe Creative Suite 3 Production Premium
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
    "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
    "{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DBAF799-E58E-4F60-94FD-E1B9B5D56E38}" = Movie Magic Screenwriter 6
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}" = Adobe Setup
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE43CAE0-19A4-41F8-B380-ABA3EBDE624C}" = Area 51(R)
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{DC017035-1939-425F-8F86-63B462C76C6A}" = PDF Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
    "{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_aefc483f26b23ab60cc5653016d5017" = Add or Remove Adobe Creative Suite 3 Production Premium
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Akamai" = Akamai NetSession Interface
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "Anime Studio Debut_is1" = Anime Studio Debut 6.0
    "ASIO4ALL" = ASIO4ALL
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BeatHazard" = Beat Hazard
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
    "Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "EP Budgeting" = EP Budgeting
    "EP Scheduling" = EP Scheduling
    "ESET Online Scanner" = ESET Online Scanner v3
    "FL Studio 8" = FL Studio 8
    "free-downloads.net Toolbar" = free-downloads.net Toolbar
    "GameSpy Arcade" = GameSpy Arcade
    "G-Force" = G-Force
    "GoToAssist" = GoToAssist 8.0.0.514
    "Halo" = Microsoft Halo
    "Halo 2" = Halo 2 for Windows Vista
    "IL Download Manager" = IL Download Manager
    "Inkscape" = Inkscape 0.46
    "InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
    "InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
    "InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
    "Magic Bullet Colorista" = Magic Bullet Colorista
    "Magic Bullet Looks" = Magic Bullet Looks
    "Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
    "Magic Bullet Mojo" = Magic Bullet Mojo
    "Magic Bullet Mojo Vegas" = Magic Bullet Mojo Vegas
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Painkiller" = Painkiller
    "PhotoRecord" = Canon PhotoRecord
    "PoiZone" = PoiZone
    "Poser Pro_is1" = Poser Pro
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "RealAlt_is1" = Real Alternative 1.60
    "RemoteCapture" = Canon Utilities RemoteCapture 2.1
    "Toxic Biohazard" = Toxic Biohazard
    "VLC media player" = VLC media player 0.9.4
    "Wacom Tablet Driver" = Wacom Tablet
    "WhiteCap" = WhiteCap
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "Xfire" = Xfire (remove only)
    "Yahoo! Messenger" = Yahoo! Messenger
    "ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/10/2011 4:22:02 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5039

    Error - 6/10/2011 4:22:02 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

    Error - 6/10/2011 6:24:47 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 6/10/2011 6:24:47 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7370143

    Error - 6/10/2011 6:24:47 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7370143

    Error - 6/10/2011 6:51:02 AM | Computer Name = josh-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 6/10/2011 5:14:49 PM | Computer Name = josh-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/10/2011 5:16:18 PM | Computer Name = josh-PC | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 6/10/2011 5:25:18 PM | Computer Name = josh-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/10/2011 5:26:38 PM | Computer Name = josh-PC | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    [ OSession Events ]
    Error - 11/30/2010 4:24:53 AM | Computer Name = josh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17618
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/4/2009 3:02:31 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 00225F1EEB5F has been denied by the DHCP server 192.168.111.2 (The DHCP
    Server sent a DHCPNACK message).

    Error - 8/5/2009 11:12:56 AM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.111.59 for the Network Card with network
    address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/5/2009 2:17:12 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 00225F1EEB5F. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 8/5/2009 6:32:23 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.111.59 for the Network Card with network
    address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/5/2009 8:00:30 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.111.59 for the Network Card with network
    address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/7/2009 8:36:21 AM | Computer Name = josh-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:05:15 PM on 8/6/2009 was unexpected.

    Error - 8/7/2009 8:36:22 AM | Computer Name = josh-PC | Source = HTTP | ID = 15016
    Description =

    Error - 8/7/2009 8:36:25 AM | Computer Name = josh-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 8/9/2009 12:17:30 AM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.111.59 for the Network Card with network
    address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 8/9/2009 11:57:03 AM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 00225F1EEB5F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Try the Task Scheduler again please. Follow the path exactly:

    ===================================
    Did you uninstall RegCure?
    ===================================
    Have you attempted the update again? Results?
    ===================================
    OTL Custom Scan Fixes

    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 1385 bytes -> C:\ProgramData\Microsoft:vlmDufhypW8pYUHwUTmLtlsN
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
      @Alternate Data Stream - 1212 bytes -> C:\ProgramData\Microsoft:ja7CkiHfxPKrVZzL9bHoLtIp
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  15. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    OTL logfile created on: 6/21/2011 7:54:17 PM - Run 2
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\josh\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 72.56% Memory free
    7.18 Gb Paging File | 6.26 Gb Available in Paging File | 87.28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.29 Gb Total Space | 18.70 Gb Free Space | 8.49% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
    Drive E: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: J-PC | User Name: josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
    PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
    PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\Windows\System32\PSIService.exe ()
    PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
    PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll ()
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
    DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
    DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
    DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys ()
    DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
    DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
    DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
    DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 02:35:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 15:24:26 | 000,000,000 | ---D | M]

    [2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions
    [2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/06/21 19:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions
    [2011/03/20 21:21:33 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/03/20 21:21:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/15 20:41:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/13 01:26:50 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
    [2011/04/13 01:26:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\engine@conduit.com
    [2011/06/21 19:16:05 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\piclens@cooliris.com
    [2011/03/21 16:07:24 | 000,000,939 | ---- | M] () -- C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\searchplugins\conduit.xml
    [2011/05/31 15:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/31 15:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1ZIVTGYD.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
    [2011/05/03 02:35:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/31 15:24:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/06/03 17:16:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - Startup: C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/11/21 13:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/21 19:50:14 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/10 17:55:15 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\TDSSKiller.exe
    [2011/06/10 17:27:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
    [2011/06/10 17:20:31 | 000,000,000 | ---D | C] -- C:\_OTM
    [2011/06/10 17:19:10 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
    [2011/06/03 17:17:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\temp
    [2011/06/03 17:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/05/31 23:42:08 | 004,111,831 | R--- | C] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
    [2011/05/31 16:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/05/29 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\fixing stuff
    [2011/05/28 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\LogMeIn
    [2011/05/28 23:14:38 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
    [2011/05/28 23:14:37 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
    [2011/05/28 23:14:37 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
    [2011/05/28 23:14:34 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
    [2011/05/28 23:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
    [2011/05/28 23:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
    [2011/05/28 21:03:11 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Avira
    [2011/05/28 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/05/28 21:01:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/05/28 21:01:24 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/05/28 21:01:24 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/27 14:10:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2011/05/23 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2011/05/23 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2011/05/23 15:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2011/05/23 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/05/23 15:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

    ========== Files - Modified Within 30 Days ==========

    [2011/06/21 19:52:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/21 19:52:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/21 19:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/21 19:51:38 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/21 17:45:09 | 000,621,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/21 17:45:09 | 000,112,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/12 02:01:19 | 001,091,174 | ---- | M] () -- C:\Users\josh\Desktop\on to the top (demo).mp3
    [2011/06/10 17:53:32 | 001,305,136 | ---- | M] () -- C:\Users\josh\Desktop\tdsskiller.zip
    [2011/06/10 17:27:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
    [2011/06/10 17:19:12 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
    [2011/06/10 03:15:38 | 000,007,916 | ---- | M] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
    [2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\TDSSKiller.exe
    [2011/06/05 23:36:57 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
    [2011/06/03 17:16:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/03 17:06:34 | 004,111,831 | R--- | M] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
    [2011/05/31 23:41:29 | 000,102,957 | ---- | M] () -- C:\Users\josh\Desktop\1.jpg
    [2011/05/30 18:47:21 | 381,386,495 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/29 13:02:03 | 000,000,116 | ---- | M] () -- C:\Users\josh\Adobe Encore_AME.pref
    [2011/05/28 23:14:31 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/05/27 14:00:25 | 000,000,701 | ---- | M] () -- C:\Users\josh\Documents\cast and crew in progress.lnk
    [2011/05/23 15:05:48 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001

    ========== Files Created - No Company Name ==========

    [2011/06/11 19:25:41 | 000,057,766 | -H-- | C] () -- C:\Users\josh\Desktop\ZuneArt_{27901F63-9447-4BD9-8DB4-17E12B9E0A9E}.jpg
    [2011/06/11 19:25:41 | 000,057,766 | -H-- | C] () -- C:\Users\josh\Desktop\Folder.jpg
    [2011/06/11 18:25:49 | 001,091,174 | ---- | C] () -- C:\Users\josh\Desktop\on to the top (demo).mp3
    [2011/06/10 17:53:28 | 001,305,136 | ---- | C] () -- C:\Users\josh\Desktop\tdsskiller.zip
    [2011/06/03 13:10:47 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
    [2011/05/31 23:41:29 | 000,102,957 | ---- | C] () -- C:\Users\josh\Desktop\1.jpg
    [2011/05/28 23:14:30 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2011/05/28 23:14:18 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
    [2011/05/27 12:11:53 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/22 11:04:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/22 11:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/22 11:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/22 11:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/22 11:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\Users\josh\AppData\Local\q627c3m4061358n50t62
    [2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\ProgramData\q627c3m4061358n50t62
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/11/29 13:00:38 | 000,000,092 | ---- | C] () -- C:\Users\josh\AppData\Local\fusioncache.dat
    [2010/02/11 08:51:52 | 000,023,580 | ---- | C] () -- C:\Users\josh\AppData\Roaming\UserTile.png
    [2009/11/16 15:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
    [2009/10/27 08:58:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/07/21 21:50:00 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
    [2009/06/06 18:59:53 | 000,007,916 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
    [2008/12/02 00:41:36 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/12/01 11:58:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/10/20 03:04:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/10/20 03:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/10/17 13:42:31 | 000,164,352 | ---- | C] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/17 13:22:50 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2008/10/17 12:16:03 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll
    [2008/10/07 13:49:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/10/07 13:49:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/10/07 11:18:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/10/07 11:18:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/10/07 11:11:46 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
    [2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/01/20 22:24:21 | 000,027,648 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys
    [2008/01/20 22:24:18 | 000,014,336 | ---- | C] () -- C:\Windows\System32\cmstplua.dll
    [2008/01/20 22:23:54 | 000,076,288 | ---- | C] () -- C:\Windows\System32\adsmsext.dll
    [2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 002,501,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,621,554 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,112,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:43:43 | 000,013,824 | ---- | C] () -- C:\Windows\System32\cmdkey.exe
    [2006/11/02 04:32:08 | 000,015,360 | ---- | C] () -- C:\Windows\System32\doskey.exe
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/04/18 16:29:26 | 000,082,432 | ---- | C] () -- C:\Windows\System32\msxml4r.dll

    ========== LOP Check ==========

    [2010/06/27 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Amazon
    [2010/12/30 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Beat Hazard
    [2010/01/27 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\DAEMON Tools
    [2009/09/10 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\gtk-2.0
    [2008/11/14 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Inkscape
    [2009/09/05 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Lost Marble
    [2008/10/17 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Movie Magic Screenwriter
    [2009/03/23 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\ourTunes
    [2008/12/02 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PACE Anti-Piracy
    [2010/02/11 08:51:52 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PeerNetworking
    [2010/01/28 01:52:57 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Poser Pro
    [2010/01/24 00:15:07 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Publish Providers
    [2010/01/26 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Sony
    [2009/07/17 09:43:31 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\SoundSpectrum
    [2011/06/21 19:50:30 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


    I tried the task scheduler but it comes up with an error.

    Also, yes, I've attempted to install updates again and it still errors out on the service pack.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Did you run the script for the Fix I set up for you to run through OTL?

    What is the error that comes up when you try to remove the Tasks? Wait. I think Combofix actually removed the RegCure entries, so that's why you got the error. Make sure it's been uninstalled on Add/Remove Programs. Then right click on Taskbar> explore> My Computer> Double click on Local Drive (C)> Programs> find folder for RegCure and do a right click> Delete.
    ===================================
    I'll take a look at the logs again to review the problem with the update. I'm tired, getting ready to close down. Thank you for your patience.
     
  17. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Yes, I ran the script. It's not in Add/Remove Programs, I deleted the folder, and when I open Task Scheduler it says: The task image is corrupt or has been tampered with.mcupdate.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    In this line>> "The task image is corrupt or has been tampered with.mcupdate. " do you mean to refer to the Task mcupdate? This is a process found in the McAfee Internet Security suite. I see in the OTL log that you run processes for this program. But you have put Avira on the system now.

    If you previously used McAfee but no longer use it, you will need to uninstall it. Please use this tool> McAfee Removal

    When you say "Its not in add remove programs", what is IT? If it's RegCure, I removed it in the Combofix script. But you may have to use Windows Explorer> right click on Taskbar> Explore> My computer> Double click on Local Drive (C)> Programs> find the program folder and do a right click> Delete

    I also notice numerous entries for LogMeIn. Did you get online, remote help at one time? (GoToAssist) Are you still actively using it? (Probably not since you're here!) We should shut that down if it isn't being used.

    Originally, you stated a problem with a Windows update. You now specify it "still errors out on the service pack".
    Please describe the error more clearly.
    =============================================
     
  19. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    That's the error message I get when I open Task Scheduler.
    The task image is corrupt or has been tampered with.mcupdate.

    That is exactly what it says including the period after the with.

    McAfee shouldn't be on the computer anymore, and no one runs it any longer. It's not in Add and Remove Programs and I can't find the folder for it, and there was no removal tool to download.

    As for RegCure, I have removed it from Add/Remove Programs and deleted the remaining folder of it.

    LogMeIn is actually being used by me to access his computer since he needs it and I'm not always around in person to look at it.

    Yes, the Windows update still errors out. What I mean is that when Service Pack 2 for Windows Vista tries to install, it errors, and then so does every other update that comes after that. After reading other posts across the internet, I assumed that the other updates are erroring because Service Pack 2 errors out, and if Service Pack 2 is fixed and installed properly then all others should as well.

    Here is the error message I get when Service Pack 2 errors out.

    Installation was not successful
    An unknown error has occurred.
    Error: 0x800f0900
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Unfortunately no one answered the post on this page. But it goes through an excellent list of troubleshooting. I'd like you to review that post and the links included. I especially encourage you to use the link for the System Readiness Tools.

    All of this information is directed at the failed SP2 update on Vista.

    Please let me know if you are able to solve this problem with the information and links given on the site.
     
  21. MysterioMask

    MysterioMask TS Enthusiast Topic Starter Posts: 180

    Running System Readiness now, not sure if it's going to work because it seems the only versions are 86 and 64k, don't see any for 32.

    Ran sfc /scannow; it says that some stuff was corrupt but couldn't be fixed. The CBS.log is 42 megs approx. If you want to see it, I can get it to you somehow.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

Topic Status:
Not open for further replies.

