Inactive Windows Vista 32 bit updates not updating


MysterioMask

I have a computer I was given running Windows Vista 32 bit, tried asking in the mobile computing section but no one was really helping so asking here, anyway, ran some virus scans and removed most of the viruses, but when I go to do Windows updates on it, it fails all the updates and gives me an error: Code 800F0900

How can I get updates to work again?
 
Ran ComboFix, ran some registry cleaners, ran Malwarebytes, ran SUPERAntiSpyware, ran TDSSKiller, tried installing SP2 manually through a download, tried installing System Readiness through a download, ran Microsoft Fix-it, ran ComboFix again, ran chkdsk on startup, tried running all in safe mode. Hit the computer a couple times. So far nothing seems to work. What's the next course of action?
 
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

Note: Scans should be run in Normal Mode if possible, unless told differently.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Get hold of yourself and wait for help. Follow the steps in the thread, nothing else.

Remove all of the programs below that you ran in an effort to fix the system.
Ran ComboFix, ran some registry cleaners, ran Malwarebytes, ran SUPERAntiSpyware, ran TDSSKiller, tried installing SP2 manually through a download, tried installing System Readiness through a download, ran Microsoft Fix-it, ran ComboFix again, ran chkdsk on startup, tried running all in safe mode. Hit the computer a couple times. So far nothing seems to work. What's the next course of action?

And please use the Edit feature when you have a short comment to make. Each new post generates an email to the person subscribed.

And note please, I do not work on abused computers:
Hit the computer a couple times.
 
Sorry about all of that, it's just that I've been working on this for about a week and have been waiting for someone to respond to one of the posts for quite a while and didn't want it to sink into an unanswered black hole, since apparently this is a common problem online after searching around for it. The problem is so far none of the suggestions I've found online have seemed to work yet, and all I want is for the updates to work properly. And I didn't actually hit it, was just trying to get some kind of attention, cuz it's been a while. But here are the logs starting with malware.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6694

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

5/27/2011 4:04:02 PM
mbam-log-2011-05-27 (16-04-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|)
Objects scanned: 470449
Time elapsed: 1 hour(s), 18 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is gmer

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-28 14:39:55
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST925042 rev.DE13
Running: 00i71ybf.exe; Driver: C:\Users\josh\AppData\Local\Temp\pxldypow.sys


---- System - GMER 1.0.15 ----

INT 0x62 ? 8729DCC8
INT 0x72 ? 8729DCC8
INT 0x72 ? 8729DCC8
INT 0x72 ? 8729DCC8
INT 0x82 ? 8729DCC8
INT 0x82 ? 8729DCC8
INT 0x82 ? 8729DCC8
INT 0x82 ? 8729DCC8
INT 0xA2 ? 84EF1CC8
INT 0xB1 ? 84EF0CC8
INT 0xB1 ? 84EF0CC8
INT 0xB2 ? 84EF8CC8

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys 8B681000 32 Bytes [9E, 0F, 5D, 82, 60, 7F, 5C, ...]
.text sptd.sys 8B681024 4 Bytes [D2, 03, 7B, 8B] {ROL BYTE [EBX], CL; JNP 0xffffffffffffff8f}
.text sptd.sys 8B68102C 224 Bytes [12, 8F, 40, 82, C9, CA, 3B, ...]
.text sptd.sys 8B68110D 199 Bytes [D8, 25, 82, B2, 54, 24, 82, ...]
.text sptd.sys 8B6811E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50}
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B778D38]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
PAGE PCIIDEX.SYS!DllUnload 8B86F5C0 5 Bytes JMP 84EF51D8
PAGE ataport.SYS!DllUnload 8BA13B2E 5 Bytes JMP 84EF11D8
.text USBPORT.SYS!DllUnload 902F54CB 5 Bytes JMP 8729D1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B682FE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8B682574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B6820C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B6831BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8B6822A4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B682362] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8B697312] \SystemRoot\System32\Drivers\sptd.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x37 0x7F 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x43 0x83 0xE7 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0A 0x25 0xD9 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0xAE 0x86 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2C 0xAB 0x4B 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0xE4 0xF3 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x37 0x7F 0x86 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x43 0x83 0xE7 0x52 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0A 0x25 0xD9 0x0E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0xAE 0x86 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2C 0xAB 0x4B 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA9 0xE4 0xF3 0xB5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~pl-PL~0.0.0.0@Package_for_KB958481_client_0~31bf38"\0\0\0+Vþÿ\25VþÿjVþÿ\xb0\0\16\0édþ 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C643FBD2DBD19046958F0E5ABBA5D98@9D4289C9000937346A5A0D5E4D383149 C:\Program Files\Adobe\Adobe Bridge CS3\resource\adobe_epic\eula\ar_AE\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8414F1375367893429D89D81A6EC53AE@9D4289C9000937346A5A0D5E4D383149 C:\Program Files\Adobe\Adobe Bridge CS3\resource\adobe_epic\eula\ar_SA\

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----


DDS and then attach

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by josh at 14:40:11 on 2011-05-28
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2002 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\josh\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\1zivtgyd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\josh\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\josh\appdata\roaming\mozilla\firefox\profiles\1zivtgyd.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-7 214664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-7 73728]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-25 1373480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-7 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-7 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-7 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-7 40552]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-10-7 209408]
.
=============== Created Last 30 ================
.
2072-07-31 21:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll
2011-05-27 18:21:22 -------- d-----w- c:\users\josh\appdata\local\temp
2011-05-27 18:20:36 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-27 18:10:24 -------- d-----w- c:\windows\system32\catroot2
2011-05-27 17:57:43 -------- d-----w- c:\programdata\RegCure
2011-05-27 16:45:02 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b7d0df0-af02-4088-a6c2-6f41fe6e284d}\mpengine.dll
2011-05-25 16:37:56 -------- d-----w- C:\2627b3998478df444930d01b3dade3
2011-05-24 20:31:11 -------- d-----w- C:\bb37e3a82d6d4aa35fb7d511
2011-05-23 19:40:42 -------- d-----w- c:\program files\common files\Windows Live
2011-05-23 19:38:36 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-23 19:35:14 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-22 15:04:21 98816 ----a-w- c:\windows\sed.exe
2011-05-22 15:04:21 89088 ----a-w- c:\windows\MBR.exe
2011-05-22 15:04:21 256512 ----a-w- c:\windows\PEV.exe
2011-05-22 15:04:21 161792 ----a-w- c:\windows\SWREG.exe
2011-05-14 20:03:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 21:59:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-04-12 23:52:02 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-09 22:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
.
============= FINISH: 14:40:35.19 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/7/2008 5:56:23 AM
System Uptime: 5/28/2011 11:52:25 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0D501F
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | Microprocessor | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 36.856 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.044 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\INFRARED\0000
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol
PNP Device ID: ROOT\INFRARED\0000
Service: irsir
.
Class GUID: {6bdd1fc5-810f-11d0-bec7-08002be2092f}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\INFRARED\0001
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol #2
PNP Device ID: ROOT\INFRARED\0001
Service: irsir
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ADS Instant HDTV PCI
Device ID: ROOT\MEDIA\0000
Manufacturer: ADS Technologies
Name: ADS Instant HDTV PCI
PNP Device ID: ROOT\MEDIA\0000
Service: Ph3xIB32
.
==== System Restore Points ===================
.
RP867: 5/26/2011 9:20:39 PM - Windows Update
RP868: 5/27/2011 11:52:13 AM - Installed Microsoft Fix it 50202
RP869: 5/27/2011 12:18:02 PM - Windows Update
RP870: 5/27/2011 12:44:51 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Add or Remove Adobe Creative Suite 3 Production Premium
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Production Premium
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe Encore CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Glyphlet Creation Tool CS3
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe MotionPicture Color Files
Adobe OnLocation CS3
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 9.1.1
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Ultra CS3
Adobe Ultra CS3 - MSL Legacy Support
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced Video FX Engine
AHV content for Acrobat and Flash
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.10
Anime Studio Debut 6.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Area 51(R)
ASIO4ALL
AutoUpdate
Beat Hazard
Bonjour
Browser Address Error Redirector
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.1
Canon Utilities ZoomBrowser EX
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Corel Painter Essentials 4
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EDocs
EP Budgeting
EP Scheduling
Fingerprint Reader Suite 5.6
FL Studio 8
free-downloads.net Toolbar
G-Force
GameSpy Arcade
GoToAssist 8.0.0.514
Halo 2 for Windows Vista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IL Download Manager
Inkscape 0.46
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 5
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Magic Bullet Colorista
Magic Bullet Looks
Magic Bullet Looks Vegas
Magic Bullet Mojo
Magic Bullet Mojo Vegas
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Halo
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Morrowind
Movie Magic Screenwriter 6
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
Oblivion
OutlookAddinSetup
Painkiller
Pando Media Booster
PDF Settings
Photoshop Camera Raw
PoiZone
Poser Pro
QualXServ Service Agreement
QuickSet
QuickTime
Real Alternative 1.60
RegCure
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
Star Wars Battlefront
Star Wars Battlefront II
Star Wars Republic Commando
Suite Shared Configuration CS4
TES Construction Set
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Vegas Pro 9.0
VLC media player 0.9.4
VoiceOver Kit
Wacom Tablet
WhiteCap
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Writer
Windows Mobile Device Updater Component
WinRAR 4.00 (32-bit)
Xfire (remove only)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== End Of File ===========================
 
Sorry for delay! As you may have noticed, this forum is a very busy place.
Questions:
1. Regarding the failed updates:
It fails all the updates and gives me a error: Code 800F0900
If there is a failed update- that is, one that didn't install correctly, you won't be able to get more updates unless the failed update is removed.

2. I note these restore points:
RP867: 5/26/2011 9:20:39 PM - Windows Update
RP868: 5/27/2011 11:52:13 AM - Installed Microsoft Fix it 50202
RP869: 5/27/2011 12:18:02 PM - Windows Update
RP870: 5/27/2011 12:44:51 PM - Windows Update
Did you set these in anticipation of an update?
There are some current security updates on the system. If you are having a problem with a particular update, it would help if I knew the update number.

3. Java is way out of date (v6u5). The current is v6u25. The older program is a vulnerability on the system and should be uninstalled. Then update from here: Java Updates

4. Malware on a system can cause updates to fail, but so can a problem with the Microsoft Download site. I'd like you to run the following scans to see if they pick anything up. There are questions in GMER and a few processes I will recommend you remove. But so far I am not seeing a cause for failed updates. programs I will
======================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Esetscan log:

C:\Program Files\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application


Combofix log:

ComboFix 11-05-31.01 - josh 05/31/2011 23:45:07.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2010 [GMT -4:00]
Running from: c:\users\josh\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
2011-06-01 03:52 . 2011-06-01 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 20:39 . 2011-05-31 20:39 -------- d-----w- c:\program files\ESET
2011-05-31 19:25 . 2011-05-31 19:25 -------- d-----w- c:\program files\Common Files\Java
2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\users\josh\AppData\Local\LogMeIn
2011-05-29 03:14 . 2011-03-01 16:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-05-29 03:14 . 2011-03-01 16:12 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-05-29 03:14 . 2011-03-01 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-05-29 03:14 . 2010-09-17 19:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-05-29 03:14 . 2011-03-01 16:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-05-29 03:14 . 2011-05-31 04:22 -------- d-----w- c:\programdata\LogMeIn
2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\program files\LogMeIn
2011-05-29 01:03 . 2011-05-29 01:03 -------- d-----w- c:\users\josh\AppData\Roaming\Avira
2011-05-29 01:01 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-29 01:01 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\programdata\Avira
2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\program files\Avira
2011-05-27 18:21 . 2011-06-01 03:52 -------- d-----w- c:\users\josh\AppData\Local\temp
2011-05-27 18:10 . 2011-05-27 18:15 -------- d-----w- c:\windows\system32\catroot2
2011-05-27 17:57 . 2011-05-27 18:03 -------- d-----w- c:\programdata\RegCure
2011-05-27 17:57 . 2011-05-27 18:01 -------- d-----w- c:\program files\RegCure
2011-05-27 16:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B7D0DF0-AF02-4088-A6C2-6F41FE6E284D}\mpengine.dll
2011-05-25 16:37 . 2011-05-25 16:42 -------- d-----w- C:\2627b3998478df444930d01b3dade3
2011-05-24 20:31 . 2011-05-24 20:31 -------- d-----w- C:\bb37e3a82d6d4aa35fb7d511
2011-05-23 19:40 . 2011-05-23 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-23 19:38 . 2011-05-23 19:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-23 19:35 . 2011-05-23 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-23 19:34 . 2011-05-23 19:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-14 20:03 . 2011-05-14 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 21:59 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 23:52 . 2010-01-28 03:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-05-03 06:35 . 2011-03-25 04:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-12-31 15:53 2349080 ----a-w- c:\program files\free-downloads.net\tbfree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-28 3088520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-07 15:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-12 436792]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-05-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 23:52
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,f5,18,a8,17,cf,a7,43,80,ba,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,f5,18,a8,17,cf,a7,43,80,ba,f7,\
.
[HKEY_USERS\S-1-5-21-3721818986-1728719574-3548816263-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:4f,43,4b,43,1e,eb,5f,00
DUMPHIVE0.003 (REGF)
.
Completion time: 2011-05-31 23:53:49
ComboFix-quarantined-files.txt 2011-06-01 03:53
ComboFix2.txt 2011-05-27 18:21
ComboFix3.txt 2011-05-22 16:07
ComboFix4.txt 2011-05-22 15:50
ComboFix5.txt 2011-06-01 03:44
.
Pre-Run: 39,974,064,128 bytes free
Post-Run: 39,939,387,392 bytes free
.
- - End Of File - - C5D5A2E173B080F26CE7C7109924210F
 
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\programdata\RegCure
C:\2627b3998478df444930d01b3dade3
C:\bb37e3a82d6d4aa35fb7d511
DDS::
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
=================================================
Advise uninstall RegCure: We do not recommend anyone using a Registry cleaner.
Then stop these Scheduled Tasks>> RegCure Program Check x2
Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To change the settings for a task: right-click the Task> click Properties> do any of the following:
  1. To change the schedule for the task, click the Schedule tab.
  2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
  3. To delete a task> right-click the task> click Delete. (For RegCure )
    To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.


Maintenance Scheduled Tasks such as defrag are in a separate category.
=====================================
Did you run the Eset Scan?
 
Here's the combofix log

ComboFix 11-06-03.04 - josh 06/03/2011 17:09:50.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2228 [GMT -4:00]
Running from: c:\users\josh\Desktop\ComboFix.exe
Command switches used :: c:\users\josh\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\2627b3998478df444930d01b3dade3
C:\bb37e3a82d6d4aa35fb7d511
c:\bb37e3a82d6d4aa35fb7d511\$shtdwn$.req
c:\bb37e3a82d6d4aa35fb7d511\checksur.exe
c:\bb37e3a82d6d4aa35fb7d511\checksurlauncher.exe
c:\program files\dell\bae\BAE.dll
c:\program files\free-downloads.net\tbfree.dll
c:\programdata\RegCure
c:\programdata\RegCure\multipledetection.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll
2011-06-03 21:16 . 2011-06-03 21:16 -------- d-----w- c:\users\josh\AppData\Local\temp
2011-06-03 21:16 . 2011-06-03 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 20:39 . 2011-05-31 20:39 -------- d-----w- c:\program files\ESET
2011-05-31 19:25 . 2011-05-31 19:25 -------- d-----w- c:\program files\Common Files\Java
2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-31 19:24 . 2011-05-31 19:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\users\josh\AppData\Local\LogMeIn
2011-05-29 03:14 . 2011-03-01 16:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-05-29 03:14 . 2011-03-01 16:12 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-05-29 03:14 . 2011-03-01 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-05-29 03:14 . 2010-09-17 19:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-05-29 03:14 . 2011-03-01 16:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-05-29 03:14 . 2011-06-03 04:34 -------- d-----w- c:\programdata\LogMeIn
2011-05-29 03:14 . 2011-05-29 03:14 -------- d-----w- c:\program files\LogMeIn
2011-05-29 01:03 . 2011-05-29 01:03 -------- d-----w- c:\users\josh\AppData\Roaming\Avira
2011-05-29 01:01 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-29 01:01 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\programdata\Avira
2011-05-29 01:01 . 2011-05-29 01:01 -------- d-----w- c:\program files\Avira
2011-05-27 18:10 . 2011-06-03 20:53 -------- d-----w- c:\windows\system32\catroot2
2011-05-27 16:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B7D0DF0-AF02-4088-A6C2-6F41FE6E284D}\mpengine.dll
2011-05-23 19:40 . 2011-05-23 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
2011-05-23 19:38 . 2011-05-23 19:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-23 19:35 . 2011-05-23 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-23 19:34 . 2011-05-23 19:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-14 20:03 . 2011-05-14 20:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 21:59 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 23:52 . 2010-01-28 03:40 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-05-03 06:35 . 2011-03-25 04:17 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-9-28 3088520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-07 15:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-12 436792]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 17:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3721818986-1728719574-3548816263-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:4f,43,4b,43,1e,eb,5f,00
DUMPHIVE0.003 (REGF)
.
Completion time: 2011-06-03 17:17:54
ComboFix-quarantined-files.txt 2011-06-03 21:17
ComboFix2.txt 2011-06-01 03:53
ComboFix3.txt 2011-05-27 18:21
ComboFix4.txt 2011-05-22 16:07
ComboFix5.txt 2011-06-03 21:06
.
Pre-Run: 29,345,411,072 bytes free
Post-Run: 29,325,283,328 bytes free
.
- - End Of File - - B668CAF3DADD2913E5932B48B2BADD69







I got an error when I opened Task Scheduler. It read like this:


The task image is corrupt or has been tampered with.mcupdate


As for running ESET, yes, I did run it. I listed its printout in the first line; it only found 1 thing.
 
Sorry for the delay, we are swamped! I missed that one line from ESET; best to include the entire log.


Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Program Files\DAEMON Tools Lite\uninst.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================================
  • Download OTL from either of the links below and save it to your desktop.
    Link 1
    Link 2
  • Double click the OTL icon to run it.
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below and paste them into the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed, and let it run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
Yes, I wish to continue. Sorry, very busy the last few days, haven't had time to work on it.

Here's the OTMoveIt log

All processes killed
========== FILES ==========
C:\Program Files\DAEMON Tools Lite\uninst.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes
->Flash cache emptied: 593 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: josh
->Temp folder emptied: 9373293 bytes
->Temporary Internet Files folder emptied: 210888334 bytes
->Java cache emptied: 112268 bytes
->FireFox cache emptied: 55068533 bytes
->Flash cache emptied: 105531 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1264 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 48603 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13167062 bytes
RecycleBin emptied: 1035943 bytes

Total Files Cleaned = 277.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06102011_172031

Files moved on Reboot...

Registry entries deleted on Reboot...

----------------------
Here is the OTL log

=============

OTL logfile created on: 6/10/2011 5:30:09 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\josh\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 65.76% Memory free
7.18 Gb Paging File | 6.08 Gb Available in Paging File | 84.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.29 Gb Total Space | 18.36 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
Drive E: | 3.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JOSH-PC | User Name: josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 02:35:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 15:24:26 | 000,000,000 | ---D | M]

[2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions
[2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/05/25 18:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions
[2011/03/20 21:21:33 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/20 21:21:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/20 21:21:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/13 01:26:50 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011/04/13 01:26:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\engine@conduit.com
[2011/03/25 01:55:25 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\piclens@cooliris.com
[2011/03/21 16:07:24 | 000,000,939 | ---- | M] () -- C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\searchplugins\conduit.xml
[2011/05/31 15:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/31 15:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1ZIVTGYD.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011/05/03 02:35:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/31 15:24:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/03 17:16:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/02 15:21:51 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 17:27:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
[2011/06/10 17:20:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/10 17:19:10 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
[2011/06/03 17:17:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\temp
[2011/06/03 17:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/31 23:42:08 | 004,111,831 | R--- | C] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
[2011/05/31 16:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/29 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\fixing stuff
[2011/05/28 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\LogMeIn
[2011/05/28 23:14:38 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/05/28 23:14:37 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/05/28 23:14:37 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2011/05/28 23:14:34 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/05/28 23:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/05/28 23:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/05/28 21:03:11 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Avira
[2011/05/28 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/28 21:01:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/05/28 21:01:24 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/05/28 21:01:24 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/27 14:10:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/05/23 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/23 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/23 15:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/23 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/23 15:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/22 11:04:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 11:04:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 11:04:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 11:04:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/22 11:04:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/12 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\Other

========== Files - Modified Within 30 Days ==========

[2011/06/10 17:32:05 | 000,621,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/10 17:32:05 | 000,112,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/10 17:27:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
[2011/06/10 17:24:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 17:24:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 17:24:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 17:24:15 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 17:19:12 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
[2011/06/10 03:15:38 | 000,007,916 | ---- | M] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
[2011/06/05 23:36:57 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
[2011/06/03 17:16:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/03 17:06:34 | 004,111,831 | R--- | M] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
[2011/05/31 23:41:29 | 000,102,957 | ---- | M] () -- C:\Users\josh\Desktop\1.jpg
[2011/05/30 18:47:21 | 381,386,495 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/29 13:02:03 | 000,000,116 | ---- | M] () -- C:\Users\josh\Adobe Encore_AME.pref
[2011/05/28 23:14:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/27 14:00:25 | 000,000,701 | ---- | M] () -- C:\Users\josh\Documents\cast and crew in progress.lnk
[2011/05/23 15:05:48 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/22 10:59:59 | 000,003,008 | -HS- | M] () -- C:\Users\josh\AppData\Local\q627c3m4061358n50t62
[2011/05/22 10:59:59 | 000,003,008 | -HS- | M] () -- C:\ProgramData\q627c3m4061358n50t62
[2011/05/14 16:21:45 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat

========== Files Created - No Company Name ==========

[2011/06/03 13:10:47 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
[2011/05/31 23:41:29 | 000,102,957 | ---- | C] () -- C:\Users\josh\Desktop\1.jpg
[2011/05/28 23:14:30 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/05/28 23:14:18 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/05/27 12:11:53 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 11:04:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 11:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 11:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 11:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 11:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\Users\josh\AppData\Local\q627c3m4061358n50t62
[2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\ProgramData\q627c3m4061358n50t62
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/11/29 13:00:38 | 000,000,092 | ---- | C] () -- C:\Users\josh\AppData\Local\fusioncache.dat
[2010/02/11 08:51:52 | 000,023,580 | ---- | C] () -- C:\Users\josh\AppData\Roaming\UserTile.png
[2009/11/16 15:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/10/27 08:58:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/21 21:50:00 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
[2009/06/06 18:59:53 | 000,007,916 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
[2008/12/02 00:41:36 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/01 11:58:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/20 03:04:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/20 03:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/17 13:42:31 | 000,164,352 | ---- | C] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 13:22:50 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/10/17 12:16:03 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll
[2008/10/07 13:49:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/10/07 13:49:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/07 11:18:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/10/07 11:18:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/10/07 11:11:46 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/20 22:24:21 | 000,027,648 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys
[2008/01/20 22:24:18 | 000,014,336 | ---- | C] () -- C:\Windows\System32\cmstplua.dll
[2008/01/20 22:23:54 | 000,076,288 | ---- | C] () -- C:\Windows\System32\adsmsext.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,501,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,621,554 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,112,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:43:43 | 000,013,824 | ---- | C] () -- C:\Windows\System32\cmdkey.exe
[2006/11/02 04:32:08 | 000,015,360 | ---- | C] () -- C:\Windows\System32\doskey.exe
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/18 16:29:26 | 000,082,432 | ---- | C] () -- C:\Windows\System32\msxml4r.dll

========== LOP Check ==========

[2010/06/27 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Amazon
[2010/12/30 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Beat Hazard
[2010/01/27 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\DAEMON Tools
[2009/09/10 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\gtk-2.0
[2008/11/14 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Inkscape
[2009/09/05 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Lost Marble
[2008/10/17 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Movie Magic Screenwriter
[2009/03/23 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\ourTunes
[2008/12/02 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PACE Anti-Piracy
[2010/02/11 08:51:52 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PeerNetworking
[2010/01/28 01:52:57 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Poser Pro
[2010/01/24 00:15:07 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Publish Providers
[2010/01/26 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Sony
[2009/07/17 09:43:31 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\SoundSpectrum
[2011/06/10 17:22:04 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download.bak\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download.bak\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download.bak\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download.bak\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1385 bytes -> C:\ProgramData\Microsoft:vlmDufhypW8pYUHwUTmLtlsN
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
@Alternate Data Stream - 1212 bytes -> C:\ProgramData\Microsoft:ja7CkiHfxPKrVZzL9bHoLtIp

< End of report >
 
Here is the Extras log:


OTL Extras logfile created on: 6/10/2011 5:30:09 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\josh\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 65.76% Memory free
7.18 Gb Paging File | 6.08 Gb Available in Paging File | 84.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.29 Gb Total Space | 18.36 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
Drive E: | 3.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JOSH-PC | User Name: josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C6024D-455E-4B85-B406-5300084A4718}" = lport=2869 | protocol=6 | dir=in | app=system |
"{248A3154-B21D-440C-AE99-04E57CF20E45}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2499FE66-DBE6-47AB-AA49-B1E72BFCD02B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EC7CFAA-D322-4262-9D04-630343D7B005}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{350E17DC-5ED9-4333-8701-411CAC2C5C11}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{4ECB3D9F-DB88-4DE0-9E76-05486AAC2385}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5132C057-BFDC-4E83-9489-96767EF9575B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5260BAE9-E3CC-4CAF-9593-69E9422CD36D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{57196514-9168-4741-A1FD-CE5BD2CB15F5}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{7486727C-2E75-4E60-8A50-759D1AE63FAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77A22001-DACD-463E-80C4-067FC3C058F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8866D89C-B67E-46E4-803C-1B00A19AF6C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AC61D9A-6946-4E5E-96D6-F7ED6AC0FC1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A55F99DA-7DDF-4091-A1F7-BC9DE8A5033B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B74C11B0-0B88-4928-A576-CF9313F706CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2D3B1E2-7BFC-4D8D-A2A9-F81887B24062}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F1F534-88DE-489E-B590-AF3E40469636}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{0B1AC15E-564E-4224-A93F-2ACE81EA2900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0CA2FACB-2AC9-4D94-AFE9-C1DA3E8FDAB1}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{14185132-A70A-430F-995F-3EC72A6B60A9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1A44C788-2F7A-40A6-AE3B-7F9908A2A8D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C91E051-A85A-4879-BF7E-2507BB75B99A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2951A9F9-633F-4438-91C1-C30DCAA031F9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3AA70518-C5E1-4A19-8F64-2E5C4DAB6F8A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{40FF9325-932D-4B6B-8A2F-744A113FE542}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{424C80FC-8FA7-4FB0-AF03-8CEBA856A50E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{430A2693-09D6-4A60-B7C2-2AFBDDFE02FF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{44B13639-55B2-4923-BF08-5B21FC37FF9A}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{4F7689BC-38A7-4C09-B1A6-719580129EB4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5012A21C-FB37-48B7-95B1-AE058C64039A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5340ADCA-64AE-4BC7-BB90-E338148B06A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EE944B0-EABB-4898-8418-C6503BE5C204}" = protocol=6 | dir=out | app=system |
"{61493B37-5B89-4AAD-8B4D-624B82AD97B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard demo\beathazarddemo.exe |
"{72126E8E-D3F8-4480-B1AB-795774036D47}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{72B5FE5B-C035-4F35-A687-CD3D5A67801B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8139B077-AA32-4D37-A683-8A463D51A4B8}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{8C14746B-700E-4998-A1A6-1FFE76EF5B11}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{91A5A9E1-0423-4C4C-916D-6B9D15BDCC4B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe |
"{956FDB2A-22AB-4D77-90D4-8428580B8A84}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{9C8D551D-86BB-493B-9EED-1587557448E3}" = protocol=6 | dir=out | app=system |
"{9D9C5395-6D44-45C1-9BD1-D7E6B83A88B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6E26FEE-71AB-4548-81B0-61B8FE64E8C3}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{AAA39129-39F6-4368-B36B-3D2B812189E4}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{B8A81FA7-DA43-4869-9F5D-DF07309173F5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars republic commando\gamedata\system\swrepubliccommando.exe |
"{BB1632B2-1D83-4472-93DF-6FBF3FC30FC6}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{BE6F3EAB-047F-41C1-8579-052B1C1170C6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CAA0B997-CCE1-4EE4-8FE6-775EB56B7934}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\beat hazard demo\beathazarddemo.exe |
"{D99DCE36-73AA-4028-9105-B065517BB2A3}" = protocol=17 | dir=in | app=c:\users\josh\appdata\local\temp\7zsa44a.tmp\symnrt.exe |
"{D9F08544-C3DF-4A4E-BB28-F92987D225EE}" = protocol=6 | dir=in | app=c:\users\josh\appdata\local\temp\7zsa44a.tmp\symnrt.exe |
"{E2AD3133-3DF7-4DBE-91A4-DDD2B0021FA5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{E40A0474-D3F2-4204-9F0A-B0C41E9A25AE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F9495414-9F09-4168-8369-F60F52C618EF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{1CE54465-258C-4446-83DF-F5104824820D}C:\program files\midway games\area 51\a51.exe" = protocol=6 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
"TCP Query User{5F61F8DF-ACF8-4562-B12E-A596E7E596C9}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{71A86A88-F28F-488C-B36E-FB3B453F1439}C:\program files\smith micro\poser pro\poserpro.exe" = protocol=6 | dir=in | app=c:\program files\smith micro\poser pro\poserpro.exe |
"TCP Query User{78F08D15-3CC1-41AC-B9DE-B4468C9A3975}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
"TCP Query User{8BFF02AF-1967-4F03-8519-046BF888FE81}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{ADE802F2-F29C-43DB-AA94-F7A65BD778BF}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{BB48873D-AA50-414B-BC24-4A5B98903669}C:\program files\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"TCP Query User{BF93FAEB-7957-4634-9AF9-9B5CE8D80722}C:\program files\midway games\area 51\a51.exe" = protocol=6 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
"TCP Query User{C8A84619-EAD6-454F-874D-FE475CF91527}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{CFA0873E-F5DD-4962-8A7F-E62147969A73}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
"TCP Query User{D62790A3-418D-48EA-AB3E-6A055CC3F160}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{D77525C0-2312-4F0E-BA4E-B97C6071E61E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1B690AA3-802B-4EE4-90B3-D16AAEE48D1A}C:\program files\midway games\area 51\a51.exe" = protocol=17 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
"UDP Query User{21B700CF-C5E7-404A-B781-C479B534B8E7}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{27BD6A1E-1309-4E1F-B36C-25D21955BC65}C:\program files\midway games\area 51\a51.exe" = protocol=17 | dir=in | app=c:\program files\midway games\area 51\a51.exe |
"UDP Query User{556C1BCA-0918-4A20-8473-67DBC1904F14}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{59C48D6F-ACE5-49AD-AB2D-034239A9F6E0}C:\program files\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo\halo.exe |
"UDP Query User{7096F81E-4DA1-4463-A2A1-9CC510A146EB}C:\program files\smith micro\poser pro\poserpro.exe" = protocol=17 | dir=in | app=c:\program files\smith micro\poser pro\poserpro.exe |
"UDP Query User{863AE11F-CA7E-4095-994D-2072A7260D5F}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{8B4479E2-2B6E-4021-BB2C-86741DCCC821}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C09EE683-9F4E-48F4-A4BE-E1B0CEF0DEF7}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{DBA24CEA-EA06-40F4-A2FD-A7C9A3EA181F}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
"UDP Query User{EC310036-7BE6-4AFB-A7F2-82613A6F7D52}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
"UDP Query User{ED52B47B-57AF-427B-B660-2892FA57D7F1}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{243DA072-8E39-424A-86A3-F63152021383}" = Adobe Glyphlet Creation Tool CS3
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}" = Adobe Creative Suite 3 Production Premium
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBAF799-E58E-4F60-94FD-E1B9B5D56E38}" = Movie Magic Screenwriter 6
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}" = Adobe Setup
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE43CAE0-19A4-41F8-B380-ABA3EBDE624C}" = Area 51(R)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DC017035-1939-425F-8F86-63B462C76C6A}" = PDF Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_aefc483f26b23ab60cc5653016d5017" = Add or Remove Adobe Creative Suite 3 Production Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Anime Studio Debut_is1" = Anime Studio Debut 6.0
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeatHazard" = Beat Hazard
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EP Budgeting" = EP Budgeting
"EP Scheduling" = EP Scheduling
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 8" = FL Studio 8
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"GameSpy Arcade" = GameSpy Arcade
"G-Force" = G-Force
"GoToAssist" = GoToAssist 8.0.0.514
"Halo" = Microsoft Halo
"Halo 2" = Halo 2 for Windows Vista
"IL Download Manager" = IL Download Manager
"Inkscape" = Inkscape 0.46
"InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}" = Adobe Ultra CS3 - MSL Legacy Support
"InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}" = Adobe Ultra CS3
"InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}" = Adobe OnLocation CS3
"Magic Bullet Colorista" = Magic Bullet Colorista
"Magic Bullet Looks" = Magic Bullet Looks
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"Magic Bullet Mojo" = Magic Bullet Mojo
"Magic Bullet Mojo Vegas" = Magic Bullet Mojo Vegas
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Painkiller" = Painkiller
"PhotoRecord" = Canon PhotoRecord
"PoiZone" = PoiZone
"Poser Pro_is1" = Poser Pro
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealAlt_is1" = Real Alternative 1.60
"RemoteCapture" = Canon Utilities RemoteCapture 2.1
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 0.9.4
"Wacom Tablet Driver" = Wacom Tablet
"WhiteCap" = WhiteCap
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Xfire" = Xfire (remove only)
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2011 4:22:02 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5039

Error - 6/10/2011 4:22:02 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

Error - 6/10/2011 6:24:47 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/10/2011 6:24:47 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7370143

Error - 6/10/2011 6:24:47 AM | Computer Name = josh-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7370143

Error - 6/10/2011 6:51:02 AM | Computer Name = josh-PC | Source = EventSystem | ID = 4621
Description =

Error - 6/10/2011 5:14:49 PM | Computer Name = josh-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2011 5:16:18 PM | Computer Name = josh-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 6/10/2011 5:25:18 PM | Computer Name = josh-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/10/2011 5:26:38 PM | Computer Name = josh-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

[ OSession Events ]
Error - 11/30/2010 4:24:53 AM | Computer Name = josh-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17618
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/4/2009 3:02:31 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 00225F1EEB5F has been denied by the DHCP server 192.168.111.2 (The DHCP
Server sent a DHCPNACK message).

Error - 8/5/2009 11:12:56 AM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.111.59 for the Network Card with network
address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/5/2009 2:17:12 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00225F1EEB5F. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 8/5/2009 6:32:23 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.111.59 for the Network Card with network
address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/5/2009 8:00:30 PM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.111.59 for the Network Card with network
address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/7/2009 8:36:21 AM | Computer Name = josh-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:05:15 PM on 8/6/2009 was unexpected.

Error - 8/7/2009 8:36:22 AM | Computer Name = josh-PC | Source = HTTP | ID = 15016
Description =

Error - 8/7/2009 8:36:25 AM | Computer Name = josh-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/9/2009 12:17:30 AM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.111.59 for the Network Card with network
address 00225F1EEB5F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 8/9/2009 11:57:03 AM | Computer Name = josh-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 00225F1EEB5F has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
 
Try the Task Scheduler again please. Follow the path exactly:
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks by clicking Start > All Programs > Accessories > System Tools > Scheduled Tasks.
To change the settings for a task: right-click the Task> click Properties> do any of the following:

1. To change the schedule for the task, click the Schedule tab.
2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
3. To delete a task> right-click the task> click Delete. (For RegCure)
4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.

===================================
Did you uninstall RegCure?
==================================
Have you attempted the update again? Results?
=================================
OTL Custom Scan Fixes

  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    @Alternate Data Stream - 1385 bytes -> C:\ProgramData\Microsoft:vlmDufhypW8pYUHwUTmLtlsN
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA
    @Alternate Data Stream - 1212 bytes -> C:\ProgramData\Microsoft:ja7CkiHfxPKrVZzL9bHoLtIp
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
OTL logfile created on: 6/21/2011 7:54:17 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\josh\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 72.56% Memory free
7.18 Gb Paging File | 6.26 Gb Available in Paging File | 87.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.29 Gb Total Space | 18.70 Gb Free Space | 8.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.04 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
Drive E: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: J-PC | User Name: josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\josh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 02:35:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/31 15:24:26 | 000,000,000 | ---D | M]

[2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions
[2010/02/04 09:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/06/21 19:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions
[2011/03/20 21:21:33 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/20 21:21:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/15 20:41:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/13 01:26:50 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011/04/13 01:26:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\engine@conduit.com
[2011/06/21 19:16:05 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\josh\AppData\Roaming\mozilla\Firefox\Profiles\1zivtgyd.default\extensions\piclens@cooliris.com
[2011/03/21 16:07:24 | 000,000,939 | ---- | M] () -- C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\1zivtgyd.default\searchplugins\conduit.xml
[2011/05/31 15:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/31 15:24:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JOSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1ZIVTGYD.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011/05/03 02:35:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/31 15:24:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/03 17:16:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/21 13:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 19:50:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/10 17:55:15 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\TDSSKiller.exe
[2011/06/10 17:27:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
[2011/06/10 17:20:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/10 17:19:10 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
[2011/06/03 17:17:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\temp
[2011/06/03 17:07:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/31 23:42:08 | 004,111,831 | R--- | C] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
[2011/05/31 16:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/31 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/29 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\fixing stuff
[2011/05/28 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\LogMeIn
[2011/05/28 23:14:38 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/05/28 23:14:37 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/05/28 23:14:37 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2011/05/28 23:14:34 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/05/28 23:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/05/28 23:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/05/28 21:03:11 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Avira
[2011/05/28 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/28 21:01:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/05/28 21:01:24 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/05/28 21:01:24 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/28 21:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/27 14:10:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/05/23 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/23 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/23 15:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/23 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/23 15:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2011/06/21 19:52:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 19:52:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 19:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 19:51:38 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 17:45:09 | 000,621,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 17:45:09 | 000,112,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/12 02:01:19 | 001,091,174 | ---- | M] () -- C:\Users\josh\Desktop\on to the top (demo).mp3
[2011/06/10 17:53:32 | 001,305,136 | ---- | M] () -- C:\Users\josh\Desktop\tdsskiller.zip
[2011/06/10 17:27:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe
[2011/06/10 17:19:12 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTM.exe
[2011/06/10 03:15:38 | 000,007,916 | ---- | M] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\TDSSKiller.exe
[2011/06/05 23:36:57 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
[2011/06/03 17:16:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/03 17:06:34 | 004,111,831 | R--- | M] (Swearware) -- C:\Users\josh\Desktop\ComboFix.exe
[2011/05/31 23:41:29 | 000,102,957 | ---- | M] () -- C:\Users\josh\Desktop\1.jpg
[2011/05/30 18:47:21 | 381,386,495 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/29 13:02:03 | 000,000,116 | ---- | M] () -- C:\Users\josh\Adobe Encore_AME.pref
[2011/05/28 23:14:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/27 14:00:25 | 000,000,701 | ---- | M] () -- C:\Users\josh\Documents\cast and crew in progress.lnk
[2011/05/23 15:05:48 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001

========== Files Created - No Company Name ==========

[2011/06/11 19:25:41 | 000,057,766 | -H-- | C] () -- C:\Users\josh\Desktop\ZuneArt_{27901F63-9447-4BD9-8DB4-17E12B9E0A9E}.jpg
[2011/06/11 19:25:41 | 000,057,766 | -H-- | C] () -- C:\Users\josh\Desktop\Folder.jpg
[2011/06/11 18:25:49 | 001,091,174 | ---- | C] () -- C:\Users\josh\Desktop\on to the top (demo).mp3
[2011/06/10 17:53:28 | 001,305,136 | ---- | C] () -- C:\Users\josh\Desktop\tdsskiller.zip
[2011/06/03 13:10:47 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Movie Magic Screenwriter 6.lnk
[2011/05/31 23:41:29 | 000,102,957 | ---- | C] () -- C:\Users\josh\Desktop\1.jpg
[2011/05/28 23:14:30 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/05/28 23:14:18 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/05/27 12:11:53 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 11:04:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 11:04:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 11:04:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 11:04:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 11:04:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\Users\josh\AppData\Local\q627c3m4061358n50t62
[2011/05/17 10:00:43 | 000,003,008 | -HS- | C] () -- C:\ProgramData\q627c3m4061358n50t62
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/11/29 13:00:38 | 000,000,092 | ---- | C] () -- C:\Users\josh\AppData\Local\fusioncache.dat
[2010/02/11 08:51:52 | 000,023,580 | ---- | C] () -- C:\Users\josh\AppData\Roaming\UserTile.png
[2009/11/16 15:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2009/10/27 08:58:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/21 21:50:00 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
[2009/06/06 18:59:53 | 000,007,916 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d9caps.dat
[2008/12/02 00:41:36 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/01 11:58:03 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/20 03:04:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/20 03:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/17 13:42:31 | 000,164,352 | ---- | C] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 13:22:50 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/10/17 12:16:03 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll
[2008/10/07 13:49:14 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/10/07 13:49:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/07 11:18:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/10/07 11:18:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/10/07 11:11:46 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/08/05 18:02:12 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/05 17:58:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/08 17:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/20 22:24:21 | 000,027,648 | ---- | C] () -- C:\Windows\System32\drivers\filetrace.sys
[2008/01/20 22:24:18 | 000,014,336 | ---- | C] () -- C:\Windows\System32\cmstplua.dll
[2008/01/20 22:23:54 | 000,076,288 | ---- | C] () -- C:\Windows\System32\adsmsext.dll
[2007/06/05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,501,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,621,554 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,112,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:43:43 | 000,013,824 | ---- | C] () -- C:\Windows\System32\cmdkey.exe
[2006/11/02 04:32:08 | 000,015,360 | ---- | C] () -- C:\Windows\System32\doskey.exe
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/18 16:29:26 | 000,082,432 | ---- | C] () -- C:\Windows\System32\msxml4r.dll

========== LOP Check ==========

[2010/06/27 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Amazon
[2010/12/30 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Beat Hazard
[2010/01/27 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\DAEMON Tools
[2009/09/10 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\gtk-2.0
[2008/11/14 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Inkscape
[2009/09/05 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Lost Marble
[2008/10/17 11:52:34 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Movie Magic Screenwriter
[2009/03/23 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\ourTunes
[2008/12/02 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PACE Anti-Piracy
[2010/02/11 08:51:52 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\PeerNetworking
[2010/01/28 01:52:57 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Poser Pro
[2010/01/24 00:15:07 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Publish Providers
[2010/01/26 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Sony
[2009/07/17 09:43:31 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\SoundSpectrum
[2011/06/21 19:50:30 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


I tried the task scheduler but it comes up with an error.

Also, yes, I've attempted to install updates again and it still errors out on the service pack.
 
Did you run the script for the Fix I set up for you to run through OTL?

What is the error that comes up when you try to remove the Tasks? Wait. I think Combofix actually removed the RegCure entries, so that's why you got the error. Make sure it's been uninstalled on Add/Remove Programs. Then right click on Taskbar> explore> My Computer> Double click on Local Drive (C)> Programs> find folder for RegCure and do a right click> Delete.
===================================
I'll take a look at the logs again to review the problem with the update. I'm tired, getting ready to close down. Thank you for your patience.
 
Yes, I ran the script. It's not in Add/Remove Programs, I deleted the folder, and when I open Task Scheduler it says: The task image is corrupt or has been tampered with.mcupdate.
 
In this line>> "The task image is corrupt or has been tampered with.mcupdate. " do you mean to refer to the Task mcupdate? This is a process found in the McAfee Internet Security suite. I see in the OTL log that you run processes for this program. But you have put Avira on the system now.

If you previously used McAfee but no longer use it, you will need to uninstall it. Please use this tool> McAfee Removal

When you say "Its not in add remove programs", what is IT? If it's RegCure, I removed it in the Combofix script. But you may have to use Windows Explorer> right click on Taskbar> Explore> My computer> Double click on Local Drive (C)> Programs> find the program folder and do a right click> Delete

I also notice numerous entries for LogMeIn. Did you get online, remote help at one time? (GoToAssist) Are you still actively using it? (Probably not since you're here!) We should shut that down if it isn't being used.

Originally, you stated a problem with a Windows update. You now specify it "still errors out on the service pack".
Please describe the error more clearly.
=============================================
 
That's the error message I get when I open Task Scheduler.
The task image is corrupt or has been tampered with.mcupdate.

That is exactly what it says including the period after the with.

McAfee shouldn't be on the computer anymore, and no one runs it any longer. It's not in Add/Remove Programs and I can't find the folder for it, and there was no removal tool to download.

As for RegCure, I have removed it from Add/Remove Programs and deleted the remaining folder of it.

LogMeIn is actually being used by me to access his computer since he needs it and I'm not always around in person to look at it.

Yes, the Windows update still errors out. What I mean is that when Service Pack 2 for Windows Vista tries to install it errors, and then so does every other update that comes after that. After reading other posts across the internet I assumed that the other updates are erroring because Service Pack 2 errors out, and if Service Pack 2 is fixed and installed properly then all others should as well.

Here is the error message I get when Service Pack 2 errors out.

Installation was not successful
An unknown error has occurred.
Error: 0x800f0900
 
Unfortunately no one answered the post on this page. But it goes through an excellent list of troubleshooting. I'd like you to review that post and the links included. I especially encourage you to use the link for the System Readiness Tools.

All of this information is directed at the failed SP2 update on Vista.

Please let me know if you are able to solve this problem with the information and links given on the site.
 
Running System Readiness now, not sure if it's going to work cuz it seems the only versions are 86 and 64k don't see any for 32.

Ran sfc /scannow, says that some stuff was corrupt but couldn't be fixed. The CBS.log is 42 megs approx. If you want to see it I can get it to you somehow.
 