Unable to run Windows updates; Error code 80072EFE...........

Hi Mike,

I do not mind you asking one bit about certification's. I have no computer degrees. Beleive it or not, a few years ago I was in your shoes, on here asking for help because I got infected. I was so inspired by the person who assisted me as I was totally computer illiterate, I decided to do something about it. I enrolled in a Malware Removal Academy and was lucky enough to be accepted. I put in a lot of time and effort for around a year before I graduated to be able to assist others with there PC problems. I still put in a lot of time and effort learning and researching new infection's and learning as much as I can as often as I can. As you can imagine, finding family time and also having a full time job, spare time can be sparse, but this is something I love doing and I try to help as many people as I can.

Lets run a tool to disable some unneeded programs from starting when the system starts and see if it makes a difference to your speed problems,

Please download Startups@Ease by AbuIbrahim12

• On the web page click the Download button and save the S@E.exe file to your Desktop
• Close all open Browsers and Double click the S@E desktop icon to start the tool
• When the tool has opened click the Begin button
• S@E will then analyze your system for unneeded startup programs
• You will then be presented with a series of questions
• Please read these carefully and check the appropriate box (Yes/No/I Don't Know) and click Next
• Answer each question until you are presented with the review box listing each question that was asked and the answer you gave
• Please review your answers and click the Confirm
• If you made a mistake or are not happy with the answers you gave, click the Cancel button and start again
• After clicking confirm, please click the View Logfile button and save the log to your desktop
• Then please reboot the system

NOTE: If after running startup@Ease you feel as if you have made a mistake, please open the tool and click the "Restore Backups" button, this will re-enable all of the programs you disabled at startup on the next reboot.

Please post the Startups@Ease log back to me for review

Please post a fresh set of DDS logs and a Fresh HJT log along with the S@E log.

NOTE: Please run DDS and HJT after you have run S@E.

Thanks,
K27.

Hey!  I didn't get an option for an S@E log.  However, I think it worked just fine.  It did stop a lot of stuff from running at startup that I didn't really need to.  Here are the DDS logs:

DDS (Ver_10-03-17.01) - NTFSx86 
Run by Mike's Laptop at 23:21:34.33 on Sun 09/12/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3573.2163 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike's Laptop\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://login.yahoo.com/config/mail?.partner=sbc&.intl=us&.done=http%3A%2F%2Fus.mg203.mail.yahoo.com%2Fdc%2Flaunch%3F.partner%3Dsbc%26.gx%3D0%26.rand%3D274h1nr76k4ah
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\aa documents\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\allmusicconverter\YouTubeRipper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\norton 360\engine\3.0.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike's~1\appdata\roaming\mozilla\firefox\profiles\0q7qe93b.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg203.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=demh6s69mau5m|http://www.rushlimbaugh.com/home/today.guest.html|http://www.facebook.com/Give100ofSomething|http://www.manofest.com/|http://linkiest.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\users\mike's laptop\appdata\roaming\mozilla\firefox\profiles\0q7qe93b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\mike's laptop\appdata\roaming\mozilla\firefox\profiles\0q7qe93b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mike's laptop\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [2009-8-9 15872]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2010-2-2 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2010-2-2 482352]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-5-27 20392]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100909.001\IDSvix86.sys [2010-9-9 344112]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-5-27 73728]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-27 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-27 600944]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\3.0.0.135\ccSvcHst.exe [2010-2-2 115560]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-26 111616]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-8-9 23096]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0300000.087\symndisv.sys [2010-2-2 39984]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-4-12 131664]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-5-7 91728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S3 F09A7726;F09A7726;c:\windows\system32\F09A7726.exe [2010-9-5 6656]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-7 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2009-9-12 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2009-9-12 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2009-9-12 39936]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-8-9 245760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-09-12 00:33:58    88704    ----a-w-    c:\windows\system32\Packet.dll
2010-09-12 00:33:58    68224    ----a-w-    c:\windows\system32\WanPacket.dll
2010-09-12 00:33:58    53299    ----a-w-    c:\windows\system32\pthreadVC.dll
2010-09-12 00:33:58    34064    ----a-w-    c:\windows\system32\drivers\npf.sys
2010-09-12 00:33:58    240248    ----a-w-    c:\windows\system32\wpcap.dll
2010-09-11 23:08:01    0    d-----w-    C:\S@E_backups
2010-09-09 19:05:08    0    d-sh--w-    C:\$RECYCLE.BIN
2010-09-09 18:49:51    0    d-----w-    C:\ComboFix
2010-09-08 18:09:57    0    d-----w-    c:\program files\iPod
2010-09-08 07:52:12    0    d-----w-    c:\windows\CheckSur
2010-09-08 06:23:39    0    d-----w-    c:\users\mike's laptop\Tracing
2010-09-07 22:20:56    302080    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-09-07 22:20:56    144896    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-09-07 19:40:04    0    d-----w-    c:\program files\Microsoft Office Outlook Connector
2010-09-07 19:39:50    54632    ----a-w-    c:\windows\system32\drivers\fssfltr.sys
2010-09-07 19:38:11    3426072    ----a-w-    c:\windows\system32\d3dx9_32.dll
2010-09-07 19:38:06    0    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2010-09-07 19:36:56    0    d-----w-    c:\program files\Windows Live SkyDrive
2010-09-07 19:16:42    0    d-----w-    c:\program files\common files\Windows Live
2010-09-07 18:53:27    0    ---ha-w-    C:\ProgramData.LOG2
2010-09-07 18:53:27    0    ---ha-w-    C:\ProgramData.LOG1
2010-09-07 07:44:18    98816    ----a-w-    c:\windows\sed.exe
2010-09-07 07:44:18    77312    ----a-w-    c:\windows\MBR.exe
2010-09-07 07:44:18    256512    ----a-w-    c:\windows\PEV.exe
2010-09-07 07:44:18    161792    ----a-w-    c:\windows\SWREG.exe
2010-09-06 19:12:10    23152    ----a-w-    c:\windows\system32\drivers\tsk65BE.tmp
2010-09-05 21:29:15    6656    ----a-w-    c:\windows\system32\F09A7726.exe
2010-09-04 22:28:55    23152    ----a-w-    c:\windows\system32\drivers\tskB04D.tmp
2010-09-04 22:21:00    0    d-----w-    C:\TDSSKiller_Quarantine
2010-09-02 11:12:56    0    d-----w-    c:\program files\Trend Micro
2010-09-01 08:27:21    38656    ----a-w-    c:\windows\system32\drivers\Capt905c.sys
2010-09-01 08:27:20    26496    ----a-w-    c:\windows\system32\drivers\Camd905c.sys
2010-09-01 08:27:07    0    d-----w-    c:\program files\MyDSC2
2010-09-01 08:18:38    18688    ----a-w-    c:\windows\system32\drivers\afc.sys
2010-09-01 08:16:00    212480    ----a-w-    c:\windows\PCDLIB32.DLL
2010-08-22 21:36:29    0    d-----w-    c:\users\mike's~1\appdata\roaming\Malwarebytes
2010-08-22 21:36:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-22 21:36:12    0    d-----w-    c:\programdata\Malwarebytes
2010-08-22 21:36:11    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-08-17 09:24:48    0    d-----w-    c:\windows\system32\catroot2

==================== Find3M  ====================

2010-09-08 18:05:11    51200    ----a-w-    c:\windows\inf\infpub.dat
2010-09-08 18:05:11    143360    ----a-w-    c:\windows\inf\infstor.dat
2010-09-08 18:05:10    143360    ----a-w-    c:\windows\inf\infstrng.dat
2010-09-07 18:53:00    0    ----a-w-    c:\windows\system32\drivers\SSHRMD.sys
2010-06-26 06:05:49    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-26 06:02:15    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-06-26 06:02:15    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03    2037760    ----a-w-    c:\windows\system32\win32k.sys
2010-06-18 17:31:29    36864    ----a-w-    c:\windows\system32\rtutils.dll
2009-11-17 10:12:15    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-07-30 14:56:08    4637952    ----a-w-    c:\program files\common files\lpuninstall.exe
2008-01-21 02:57:01    174    --sha-w-    c:\program files\desktop.ini
2006-11-02 12:39:34    30674    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34    30674    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34    287440    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34    287440    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21    287440    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21    287440    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19    30674    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19    30674    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2010-04-29 06:06:35    16384    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-29 06:06:35    32768    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-29 06:06:35    16384    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-12-08 08:35:04    245760    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-18 02:16:58    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091720090918\index.dat
2009-09-18 16:34:32    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091820090919\index.dat
2009-09-19 16:31:06    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091920090920\index.dat
2009-09-21 10:02:54    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092120090922\index.dat
2009-10-02 07:34:40    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100220091003\index.dat
2009-10-03 23:58:16    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100320091004\index.dat
2009-10-16 07:32:58    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101620091017\index.dat
2009-10-19 00:40:43    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101820091019\index.dat
2009-10-21 16:16:33    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102120091022\index.dat
2009-10-27 07:04:03    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102720091028\index.dat
2009-11-04 18:54:01    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110420091105\index.dat
2009-11-07 07:36:12    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009110720091108\index.dat
2009-11-10 19:38:01    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2009-11-13 07:46:17    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111320091114\index.dat
2009-11-19 07:38:30    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111920091120\index.dat
2009-11-21 07:23:36    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112120091122\index.dat
2009-11-22 07:30:26    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112220091123\index.dat
2009-11-26 08:27:14    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112620091127\index.dat
2009-11-28 19:21:29    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112820091129\index.dat
2009-12-21 18:58:55    32768    --sha-w-    c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009122120091222\index.dat
2009-11-28 19:21:29    16384    --sha-w-    c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\iecompatcache\index.dat
2009-11-26 08:27:14    16384    --sha-w-    c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2009-05-26 21:24:55    8192    --sha-w-    c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:23:12.10 ===============
----------------------------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 5/27/2009 1:23:25 PM
System Uptime: 9/12/2010 11:14:52 PM (0 hours ago)

Motherboard: Dell Inc. |  | 0U990C
Processor: Intel(R) Core(TM)2 Duo CPU     T5800  @ 2.00GHz | Microprocessor | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 215 GiB total, 61.069 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.913 GiB free.
E: is CDROM ()
Y: is FIXED (FAT32) - 149 GiB total, 20.25 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet J6400 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\PRINTER\0000
Service:

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
6400_Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Advanced Audio FX Engine
Advanced Video FX Engine
AllMusicConverter 3.8.7
Apple Application Support
Apple Mobile Device Support
ArcSoft PhotoImpression 5
ATT-RC Self Support Tool
att.net Toolbar
Audacity 1.3.12 (Unicode)
AVS Update Manager 1.0 (Update Version)
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Banctec Service Agreement
BlackBerry Desktop Software 4.6
BlackBerry Device Software Updater
BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Address Error Redirector
BufferChm
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Creative MediaSource 5
CustomerResearchQFolder
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell PC TuneUp
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
DELL0703
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DirectXInstallService
DOC to Image Converter 2.00
DocMgr
DocProc
DocProcQFolder
DVDx 2
E.M. Free Youtube Download Tool 3.03
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
Fax
ffdshow [rev 2527] [2008-12-19]
fflink
FFmpeg for Audacity on Windows
GEAR driver installer for x86 and x64
Google Earth
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
GPBaseService
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Officejet J6400 Series
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
iTunes
J6400
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Laptop Integrated Webcam Driver (1.04.01.1011)  
Malwarebytes' Anti-Malware
MarketResearch
mCore
MediaCoder 0.6.1
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.6.9)
mPfMgr
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
MyDSC2
Napster
Napster Burn Engine
netbrdg
NetDeviceManager
Norton 360
OCR Software by I.R.I.S. 10.0
OfotoXMI
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PANTECH PC USB Modem Software
ProductContext
PSSWCORE
QuickSet
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Media Manager
Roxio Update Manager
Scan
SFR
SHASTA
Shop for HP Supplies
skin0001
SKINXSDK
SmartWebPrinting
SolutionCenter
Sound Blaster Audigy ADVANCED MB
staticcr
Status
Toolbox
tooltips
Total Recorder 8.1
TrayApp
Ultra Defragmenter
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
VPRINTOL
VZAccess Manager
WebReg
WildTangent Games
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WIRELESS
Wisdom-soft ScreenHunter 5.1 Free
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Widgets

==== End Of File ===========================
----------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:11 PM, on 9/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike's Laptop\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.partner=sbc&.intl=us&.done=http%3A%2F%2Fus.mg203.mail.yahoo.com%2Fdc%2Flaunch%3F.partner%3Dsbc%26.gx%3D0%26.rand%3D274h1nr76k4ah
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\AA Documents\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-668703000-809816363-4094811587-1001\..\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /detectMem (User 'RA Media Server')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F09A7726 - Unknown owner - C:\Windows\system32\F09A7726.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SMServer - SMServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UltraVNC Server (uvnc_service) - UltraVNC - C:\ProgramData\UltraVNC\winvnc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11509 bytes

Hi Mike,

Your logs now appear to be clean, we have a bit of housekeeping to do and I will then post some general advice on how to minimize the chances of reinfection.

The following will implement some cleanup procedures:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall
Note the space between Combofix and /

Please uninstall the other programs we used as without proper guidance they can seriously harm the workings of Windows and your PC

• HiJackThis via Add/Remove Programs in control Panel
• RKUnhooker by right clicking the desktop icon and clicking delete, you can also delete the logs that it created
• TDSSKiller and the logs it created by right clicking them and clicking delete
• Please navigate to and delete this folder C:\TDSSKiller_Quarantine

You can also then delete the non invasive DDS program and the two logs it created on your desktop by right click each file and then click delete.

.
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

• Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose

In the Applications Tab:

• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

.
Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

.
Your Java is outdated.

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
• Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
• Click the Download JRE button to the right
• Select the Windows platform from the dropdown menu.
• Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

.
Adobe Acrobat/Reader is out of date please update to the latest version from HERE (NOTE: On the Download page, please make sure to uncheck the box next to the "McAfee Scan" item as it is not needed

Now some advice on how to surf safe in the future.

ALWAYS keep all programs on your PC up to date and this especially means your Anti-Virus/Anti-Spyware/Firewall/Java and Adobe programs.
They can all be found via the "All Programs" feature in the start menu and if opened will 100% have a update feature somewhere.
NEVER use more than ONE Anti-Virus program,
NEVER use more than ONE resident Full time Anti-Spyware program,
NEVER use more than ONE Software Firewall,(and never use the Windows built in Firewall as it will not keep you protected)

As more than one of each of these will conflict with each other and leave you just as vunrable as not having them.
You can get some VERY GOOD FREE ones from HERE

Its always a good idea to back these up with SpywareBlaster as this will run in the background and not conflict with any of your other Security.

Also give WinPatrol a try as it is a very good program that will inform you of any changes being made to your system in the same way that User Account Control does but better, (DO NOT switch off UAC if you install WinPatrol, it is still very much needed)

Research and consider using a HARDWARE Firewall as this will provide a very good extra layer of protection.

Scan with each piece of your security Daily and at the very least two daily.
Always keep a few on-demand scanners on your machine and use them every other day, such as,

• Malwarebytes Anti-Malware(consider perchusing the paid version for £25 for a lifetimes use and a very good piece of kit to have running on your machine)
• Spybot Search&Destroy (DO NOT install the Tea Timer Function)
• Ad-Aware (Again DO NOT install the resident scanner)

If you use IE then consider using a more secure browser such as FireFox or Opera

Install all the latest Windows updates from HERE
or by clicking start>all programs>Windows update, and keep going back and doing these untill you have all the avalible updates untill none are showing.
Its a good idea to set Windows Update to automatic so as not to miss any Important updates.

Always you a site advisor such as WOT to confirm the sites you are using are really the sites they say they are.
There is a version of WOT avalible for both IE and FIreFox.

Every so often (two weeks- 1 month) it would be a good idea to run this free online Security Test called Secunia, which will test all the programs on your system for security vunralbilities. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.

You will also see a process indicator that looks like this:
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section.
You will have a link next to all the programs on you system that need updating, please install these updates one by one until no more are showing.

And please read these links for adivce on Computer Security:
So how did I get infected in the first place by Tony Klein
Do's and Don't's of Security Programs
Anti-Virus Programs Explained

If you have any other questions then please fill free to post back,
I will mark this thread as solved tomorrow,

Safe Surfing,
K27.

SCHWEW!!!  That was a LOT of stuff to do, but I finally got it done.  I think I'm set now.  Thanks so much for your help.  I really, Really, REALLY appreciate it.  I'm going to copy your last post of suggestions and keep them so I can refer to them from time to time in case this thread is ever deleted.  Lots of good info there.  I thought for a while there I would really like to be able to do this type stuff for folks who have problems, but my brain is about to explode from information overload and I don't know that I could comprehend it all well enough to teach folks what to do like you have with me.  I guess I should just leave solutions like this TO THE PROS LIKE YOURSELF!!!  Thanks again.  Best regards,  Mike F

Hi Mike,

You are more than Welcome.  :emotion-21:

This topic is Resolved.....

The fixes in this topic were written specifically for this user, following them may cause harm to your machine and render it a brick (useless)

If you are the original poster and would like further assistance please post a fresh HJT log and details of the problems you are having.

All other user's, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the button.

Regards
K27

It is possible to disinfect a system infected with malware family Rootkit.Win32.TDSS, I had a similar problem but I have windows 7, I used the TDSSkiller program and that solved the update issue, you should try it, it may solve the problem of yours too, follow the link below and download the TDSSkiller.

http://support.kaspersky.com/viruses/solutions?qid=208280684

@Georgeali,

This topic was resolved some time ago.

The volunteers on the Malware Removal forum (and on many similar forums) go through a lengthy training program before helping in the Malware Removal Forum. Disinfecting a computer of malware is not a “one size fits all” task. Although the symptoms on one computer may appear similar to those on another, the path to getting each computer clean may be very different. Additionally, many of the tools we use are very powerful and can cause severe problems if misused. For these reasons, we strongly recommend against anyone using the steps suggested for another person. The list of trained volunteers for the Malware Removal Forum is in the announcement Please Read This Before Posting For Malware Removal Help at the top of this forum.

If you are interested in training to become a Security Analyst, you can find a list of reputable training schools HERE

If anyone is in need of assistance, please start a NEW Topic at the top of this forum and a trained analyst will reply as soon as one becomes available.

It is possible to disinfect a system infected with malware family Rootkit.Win32.TDSS, I had a similar problem but I have windows 7, I used the TDSSkiller program and that solved the update issue, you should try it, it may solve the problem of yours too, follow the link below and download the TDSSkiller.