Windows Update not working properly

Solved
By stroslose
Feb 28, 2012
  1. Hi,
    I am having trouble with Windows Update. It won't stop updating Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242). It updates and installs this every time I turn on my computer: 22 times since 2/14. Any help would be greatly appreciated! Logs have been pasted below. Thank you in advance.
    Scott


    GMER log was empty. I am guessing this meant nothing was found.
    ==============================================================

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.28.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Breitzig Family :: BREITZIGFAM-PC [administrator]

    2/28/2012 7:42:26 AM
    mbam-log-2012-02-28 (07-42-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239153
    Time elapsed: 6 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ===========================================================

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Breitzig Family at 11:07:30 on 2012-02-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6165 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Immunet Protect *Disabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Immunet Protect\2.0.17\iptray.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\xampp\mysql\bin\mysqld.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    C:\Windows\SysWOW64\UStorSrv.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    c:\windows\system32\inetsrv\w3wp.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page =
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{BD5D0805-E5E7-4CE5-8B7C-615DC494A13B} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{EDC2B924-E5D6-47D0-A104-4FD93E326D22} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    BHO-X64: XFINITY Toolbar - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
    BHO-X64: Updater For XFIN_PORTAL - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
    AppInit_DLLs-X64: acaptuser32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - component: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Users\Breitzig Family\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\system32\DRIVERS\ImmunetProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetProtect.sys [?]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42:36];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-11-7 146928]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-2 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-2 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-5-12 192512]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-20 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-5 988216]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-5 399416]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-5-7 1403208]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    S2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\httpd.exe" -k runservice --> c:\xampp\apache\bin\httpd.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dev5_ap1;dev5_ap1;C:\phpdev5\Apache\Apache.exe [2011-6-25 20480]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    S2 ImmunetProtect;Immunet Protect;C:\Program Files\Immunet Protect\2.0.17\agent.exe [2011-3-6 272080]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-7-2 428200]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-02-28 12:23:11 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F79DD478-7995-472D-A718-99F189715744}\mpengine.dll
    2012-02-20 00:53:51 27472 ----a-w- C:\Windows\System32\sbbd.exe
    2012-02-20 00:53:10 -------- d-----w- C:\VIPRERESCUE
    2012-02-14 19:29:17 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-14 19:29:16 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-14 19:29:11 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-14 19:29:10 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-14 19:29:04 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-14 19:28:58 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-14 19:28:37 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-14 19:28:37 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-14 17:01:04 -------- d-----w- C:\Program Files (x86)\Turbine
    2012-02-14 13:50:06 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2012-02-13 20:04:23 -------- d-----w- C:\Users\Breitzig Family\AppData\Local\VS Revo Group
    2012-02-13 20:04:18 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2012-02-13 20:04:13 -------- d-----w- C:\Program Files\VS Revo Group
    2012-02-13 16:51:51 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
    2012-02-07 01:20:19 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    .
    ==================== Find3M ====================
    .
    2012-02-16 13:38:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
    2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 11:08:32.48 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/5/2009 10:14:44 PM
    System Uptime: 2/28/2012 7:07:25 AM (4 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | VIOLET3
    Processor: AMD Phenom(tm) II X4 910 Processor | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 918 GiB total, 396.456 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.244 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is CDROM ()
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&30A64443&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&30A64443&0&01
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP498: 2/10/2012 6:37:28 AM - Windows Update
    RP499: 2/13/2012 11:50:42 AM - Installed DirectX
    RP500: 2/13/2012 11:52:09 AM - Installed DirectX
    RP501: 2/13/2012 12:14:43 PM - Installed DirectX
    RP502: 2/13/2012 1:13:04 PM - Installed DirectX
    RP503: 2/13/2012 1:14:58 PM - Installed DirectX
    RP505: 2/13/2012 3:05:53 PM - Revo Uninstaller Pro's restore point - CA Pest Patrol Realtime Protection
    RP506: 2/13/2012 3:06:55 PM - Removed CA Pest Patrol Realtime Protection
    RP508: 2/13/2012 3:10:59 PM - Revo Uninstaller Pro's restore point - LEGO Universe
    RP510: 2/13/2012 3:14:03 PM - Revo Uninstaller Pro's restore point - Microsoft .NET Framework 1.1
    RP512: 2/13/2012 3:49:45 PM - Revo Uninstaller Pro's restore point - The Lord of the Rings Online™ v03.04.04.8012
    RP513: 2/14/2012 4:31:51 AM - Windows Update
    RP514: 2/14/2012 7:59:35 AM - Installed DirectX
    RP515: 2/14/2012 8:01:11 AM - Installed DirectX
    RP517: 2/14/2012 8:33:33 AM - Revo Uninstaller Pro's restore point - Microsoft .NET Framework 1.1
    RP518: 2/14/2012 8:34:40 AM - Removed Microsoft .NET Framework 1.1
    RP519: 2/14/2012 8:49:04 AM - Installed Microsoft .NET Framework 1.1
    RP521: 2/14/2012 9:53:55 AM - Revo Uninstaller Pro's restore point - Microsoft Visual C++ 2005 Redistributable
    RP522: 2/14/2012 11:40:46 AM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    RP523: 2/14/2012 11:42:28 AM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    RP524: 2/14/2012 11:43:24 AM - Removed Microsoft Visual C++ 2005 Redistributable
    RP525: 2/14/2012 11:45:02 AM - Removed Microsoft Visual C++ 2005 Redistributable (x64)
    RP527: 2/14/2012 11:46:11 AM - Revo Uninstaller Pro's restore point - Microsoft Visual C++ 2005 Redistributable
    RP528: 2/14/2012 11:46:46 AM - Removed Microsoft Visual C++ 2005 Redistributable (x64)
    RP529: 2/14/2012 11:48:32 AM - Removed Microsoft Visual C++ 2005 Redistributable (x64)
    RP530: 2/14/2012 11:49:45 AM - Removed Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    RP532: 2/14/2012 11:52:50 AM - Revo Uninstaller Pro's restore point - Microsoft Visual C++ 2005 Redistributable
    RP534: 2/14/2012 11:54:09 AM - Revo Uninstaller Pro's restore point - Microsoft Visual C++ 2005 Redistributable
    RP535: 2/14/2012 12:38:55 PM - Installed DirectX
    RP536: 2/14/2012 12:40:04 PM - Installed DirectX
    RP537: 2/14/2012 12:41:40 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP538: 2/14/2012 1:06:38 PM - Windows Update
    RP539: 2/14/2012 1:37:34 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP541: 2/14/2012 1:42:39 PM - Revo Uninstaller Pro's restore point - The Lord of the Rings Online™ v03.04.04.8012
    RP543: 2/14/2012 1:46:09 PM - Revo Uninstaller Pro's restore point - Circuit Construction Kit (DC Only)
    RP544: 2/14/2012 4:44:14 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP545: 2/14/2012 4:47:50 PM - Windows Update
    RP546: 2/14/2012 5:25:11 PM - Windows Update
    RP547: 2/14/2012 5:36:58 PM - Windows Update
    RP548: 2/14/2012 5:37:58 PM - Windows Update
    RP549: 2/14/2012 5:39:28 PM - Windows Update
    RP550: 2/14/2012 9:09:22 PM - Windows Update
    RP551: 2/14/2012 9:19:51 PM - Windows Update
    RP552: 2/15/2012 11:35:08 AM - Windows Update
    RP553: 2/15/2012 4:57:33 PM - Windows Update
    RP554: 2/15/2012 9:45:41 PM - Windows Update
    RP555: 2/16/2012 11:16:56 AM - Windows Update
    RP556: 2/19/2012 4:49:36 PM - Windows Update
    RP557: 2/19/2012 7:36:37 PM - Windows Update
    RP558: 2/19/2012 7:37:42 PM - Windows Update
    RP559: 2/19/2012 7:38:38 PM - Windows Update
    RP560: 2/19/2012 7:39:36 PM - Windows Update
    RP561: 2/19/2012 7:40:33 PM - Windows Update
    RP562: 2/19/2012 7:41:34 PM - Windows Update
    RP563: 2/19/2012 7:43:10 PM - Windows Update
    RP564: 2/19/2012 9:26:37 PM - Windows Update
    RP565: 2/20/2012 2:46:33 PM - Windows Update
    RP566: 2/20/2012 3:48:04 PM - Windows Update
    RP567: 2/20/2012 9:53:00 PM - Windows Update
    RP568: 2/21/2012 8:37:28 PM - Windows Update
    RP569: 2/22/2012 8:30:34 PM - Windows Update
    RP570: 2/23/2012 8:36:00 AM - Windows Update
    RP571: 2/25/2012 10:45:25 PM - Windows Update
    RP572: 2/26/2012 9:11:12 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.5.0 - CPSID_83708
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Creative Suite 4 Deployment Toolkit
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader X (10.0.1)
    Adobe Reader X (10.1.2)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Amazon Kindle For PC
    Amazon MP3 Downloader 1.0.15
    Amazon MP3 Uploader
    Apple Application Support
    Apple Software Update
    Ashampoo Burning Studio 9.12
    Avira AntiVir Personal - Free Antivirus
    Baseball Mogul 2011
    Baseball Mogul 2012
    Bejeweled 2 Deluxe
    Brother MFL-Pro Suite
    Camtasia Studio 6
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC 8
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities MyCamera
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Circuit Construction Kit (DC Only)
    Cisco Network Magic
    CoffeeCup HTML Editor
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Connect
    CyberLink DVD Suite Deluxe
    D3DX10
    DAZ|Studio 1.4.16.0
    Default Manager
    DHTML Editing Component
    DirectX for Managed Code Update (Summer 2004)
    Dragon Age: Origins
    dvdSanta 4.50
    Enhanced Multimedia Keyboard Solution
    erLT
    ExtractNow
    Facebook Plug-In
    Family Tree Maker 2009
    FileHippo.com Update Checker
    Google Earth
    Google Update Helper
    Google Updater
    GPL Ghostscript 8.63
    Graphical Analysis 3.2 Minimal
    Hewlett-Packard ACLM.NET v1.1.2.0
    honestech VHS to DVD 5.0 Deluxe
    Hoyle Casino 2010 (remove only)
    Hoyle Puzzle & Board Games 2010 (remove only)
    HP Advisor
    HP Customer Experience Enhancements
    HP Easy Backup
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Remote Solution
    HP Support Assistant
    HP Support Information
    HP Total Care Setup
    HP Update
    HydraVision
    ImgBurn
    Immunet Protect
    InstallerApp Application
    iSEEK AnswerWorks English Runtime
    IZArc 4.1.6
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    kuler
    LabelPrint
    LameACM
    LEGO Digital Designer
    LightScribe System Software
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes Anti-Malware version 1.60.1.1000
    MCEBrowser
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    Microsoft WSE 3.0
    Microsoft WSE 3.0 Runtime
    Move Media Player
    MozBackup 1.4.9
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Network Magic
    NVIDIA PhysX
    Pando Media Booster
    PCSX2 - Playstation 2 Emulator
    PDF Password Remover v3.1
    Photoshop Camera Raw
    PictureMover
    PMB
    Power2Go
    PowerDirector
    PowerISO
    Pure Networks Platform
    Python 2.6.1
    QuickBooks Pro 2007
    Quicken WillMaker Plus 2009
    Quicken WillMaker Plus 2011
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rosetta Stone V3
    Runtime
    Secunia PSI (2.0.0.2001)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    SolSuite 2009 v9.5
    Spelling Dictionaries Support For Adobe Reader 9
    SPORE™
    Spybot - Search & Destroy
    SpywareBlaster 4.5
    StarCraft II Beta
    Suite Shared Configuration CS4
    SupportSoft Assisted Service
    SysTools PDF Unlocker
    The Sims Medieval
    Total Video Converter 3.71 100812
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    TurboTax 2009
    TurboTax 2009 wflcbpm
    TurboTax 2009 wfliper
    TurboTax 2009 WinBizFedFormset
    TurboTax 2009 WinBizReleaseEngine
    TurboTax 2009 WinBizTaxSupport
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax Business 2009
    UltraISO Premium V9.36
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB2.0 VIDBOX NW03
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2008 x64 Redistributables
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Works Upgrade
    World of Warcraft
    XFINITY Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/28/2012 7:42:07 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
    2/28/2012 7:42:03 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
    2/28/2012 7:42:01 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
    2/28/2012 7:40:51 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
    2/28/2012 7:20:40 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
    2/28/2012 7:20:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    2/28/2012 7:20:26 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2012 7:19:34 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
    2/28/2012 7:19:04 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/28/2012 7:18:33 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/28/2012 7:18:25 AM, Error: Service Control Manager [7034] - The dev5_ap1 service terminated unexpectedly. It has done this 1 time(s).
    2/28/2012 7:18:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: inspect sptd
    2/28/2012 7:18:25 AM, Error: Service Control Manager [7022] - The mysql service hung on starting.
    2/28/2012 7:16:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.
    2/28/2012 7:16:14 AM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2012 7:15:05 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2012 7:14:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    2/28/2012 7:14:26 AM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2012 7:13:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Immunet Protect service to connect.
    2/28/2012 7:13:54 AM, Error: Service Control Manager [7000] - The Immunet Protect service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2012 7:13:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    2/28/2012 7:13:11 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2012 7:12:34 AM, Error: Service Control Manager [7000] - The Apache2.2 service failed to start due to the following error: The system cannot find the file specified.
    2/28/2012 7:07:26 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    2/28/2012 11:07:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
    2/28/2012 11:07:13 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218174.
    2/28/2012 10:54:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
    2/28/2012 10:54:32 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
    2/28/2012 10:54:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
    2/28/2012 10:54:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
    2/28/2012 10:54:26 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
    2/28/2012 10:54:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
    2/28/2012 10:54:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
    2/26/2012 4:42:01 PM, Error: Service Control Manager [7031] - The Immunet Protect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/21/2012 8:36:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
    2/21/2012 8:16:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
    2/21/2012 8:16:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
    .
    ==== End Of File ===========================
  2. Bobbye


    Welcome back Scott- although I realize you might rather need help in this forum!

    This update was found to cause this problem frequently:
    If you are sure that Windows has already installed the update, when it comes back asking you to install again, just right-click and "hide" the update. This should work.

    One of the suggestions was that it did not install properly, so it kept asking for it. Another solution is:
    Manually downloading KB2538242 from the download center:
    http://www.microsoft.com/download/en/details.aspx?id=26347
    ====================================
    Whether you have malware or not, what we need to do is get the security down so it doesn't make you more vulnerable!

    You have multiple antivirus programs running:
    AV: AntiVir Desktop *Enabled/
    AV: Immunet Protect *Disabled

    Having more than one antivirus can cause conflicts, system slowdowns and crashes, please uninstall one of them.

    There is also a Directory for VIPRE Rescue. "Updated daily, VIPRE is a powerful command-line tool that automatically cleans your system of viruses, trojans and other malicious objects."
    ======================================
    We can continue to look for malware, if you'd like:
    I'd like you to disable the VipreRescue and also Tuneup Utilities while I'm helping you. It is best if programs don't run in the background, removing entries while I'm trying to help you. There is a lot of security running on this system. Sometimes, it's okay, depending on what the programs are. But sometimes, if the programs are trying to do the same thing, it can cause conflicts.
    ======================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    ===========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all antivirus and anti-malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
  3. stroslose


    Hi Bobbye!

    Happy to have your help again! I had some trouble running ComboFix. After running the program it left all of my registry files marked for deletion. So when I clicked on an application it would not run and stated registry file marked for deletion, cannot open. So I had to restore windows using the ComboFix restore point. It did however save the txt report. It also left my computer in some weird font/text size combination, but I can fix that later. Here are the requested reports:

    ========================================================
    Results of screen317's Security Check version 0.99.31
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.5
    Spybot - Search & Destroy
    Secunia PSI (2.0.0.2001)
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox (10.0.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````


    =======================================================
    Eset Scan:


    C:\Users\Breitzig Family\Downloads\Pharmacology_for_Nursing_Care_7th_Edition_(Lehne).exe Win32/Adware.1ClickDownload application

    =======================================================

    ComboFix 12-02-29.01 - Breitzig Family 02/29/2012 8:00.6.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5781 [GMT -5:00]
    Running from: c:\users\Breitzig Family\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-29 13:12 . 2012-02-29 13:12 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-02-29 13:12 . 2012-02-29 13:12 -------- d-----w- c:\users\Mcx1-BREITZIGFAM-PC\AppData\Local\temp
    2012-02-29 13:12 . 2012-02-29 13:12 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-02-29 13:12 . 2012-02-29 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-29 13:12 . 2012-02-29 13:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-02-28 21:43 . 2012-02-28 21:44 -------- d-----w- c:\program files (x86)\1ClickDownload
    2012-02-20 00:53 . 2010-11-09 18:56 27472 ----a-w- c:\windows\system32\sbbd.exe
    2012-02-20 00:53 . 2012-02-20 02:07 -------- d-----w- C:\VIPRERESCUE
    2012-02-14 19:29 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-14 19:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-14 19:29 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-14 19:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-14 19:29 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-14 19:28 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-14 19:28 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-14 19:28 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-14 17:01 . 2012-02-14 17:01 -------- d-----w- c:\program files (x86)\Turbine
    2012-02-14 13:50 . 2012-02-14 13:50 -------- d-----w- c:\windows\SysWow64\URTTEMP
    2012-02-13 20:04 . 2012-02-13 20:04 -------- d-----w- c:\users\Breitzig Family\AppData\Local\VS Revo Group
    2012-02-13 20:04 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-02-13 20:04 . 2012-02-13 20:04 -------- d-----w- c:\program files\VS Revo Group
    2012-02-13 16:51 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    2012-02-07 01:20 . 2012-02-07 01:20 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-16 13:38 . 2011-05-20 12:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 22:43 . 2011-09-14 14:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-08 07:13 . 2012-02-28 12:23 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F79DD478-7995-472D-A718-99F189715744}\mpengine.dll
    2012-01-29 10:10 . 2009-10-03 12:21 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-07 20:18 . 2012-01-07 20:18 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-10 20:24 . 2009-09-07 01:55 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-05 14:06 . 2009-09-07 17:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Immunet Protect"="c:\program files\Immunet Protect\2.0.17\iptray.exe" [2011-03-06 3810632]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2011-09-29 472112]
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-12-08 296056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    "KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    "HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dev5_ap1;dev5_ap1;c:\phpdev5\apache\Apache.exe [2011-06-25 20480]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-02 428200]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]
    S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-25 140672]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [2011-03-06 272080]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - EraserUtilRebootDrv
    *Deregistered* - IDSVia64
    *Deregistered* - SRTSPX
    *Deregistered* - SymEvent
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMTDI
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-06 23:03]
    .
    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]
    .
    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]
    .
    2012-02-28 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF13938.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    uStart Page =
    mStart Page = hxxp://www.comcast.net/
    mLocal Page = %SystemRoot%\system32\blank.htm
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    AddRemove-1472903004.www.remoteproctoradmin.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:90,57,1a,ca,dc,6f,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,5f,1b,e9,bf,f0,4c,4e,ad,1c,b8,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,5f,1b,e9,bf,f0,4c,4e,ad,1c,b8,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\windows\SysWOW64\UStorSrv.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-29 08:28:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-29 13:28
    .
    Pre-Run: 429,938,929,664 bytes free
    Post-Run: 429,693,870,080 bytes free
    .
    - - End Of File - - 1DF6009D9373FFAEFD0E8C07CBC7F358



    Thanks Bobbye!!
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, let's catch you up:
    There is only 1 entry in the Eset scan and we'll remove it. But I wanted to advise you that if you continue using 1-Click Download, you are going to get adware, at least. That's what was used for the Pharmacology download. You might want to look around for another download manager.

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\Breitzig Family\Downloads\_for_Nursing_Care_7th_Edition_(Lehne).exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    You are still showing 3 antivirus programs:
    AV: AntiVir Desktop *Disabled/
    AV: Immunet Protect *Enabled/
    VIPRE
    Immunet is clearly an antivirus program> http://www.immunet.com/free/index.html I am not familiar with this program, but you should have only 1. I have included both Immunet and Vipre entries in the script below for removal, but you will still need to uninstall the programs and delete the program folders. Multiple AVs can make a system more vulnerable and also slow a system down. (Best done in Safe Mode)

    Reboot the computer when finished.
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\sbbd.exe
    c:\windows\system32\DRIVERS\Immun etProtect.sys
    c:\windows\system32\DRIVE RS\ImmunetSelfProtect.sys
    Folder::
    c:\users\Public\AppData\Local\temp
    c:\users\Mcx1-BREITZIGFAM-PC\AppData\Local\temp
    c:\users\DefaultAppPool\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Administrator\AppData\Local\temp
    c:\program files (x86)\1ClickDownload
    C:\VIPRERESCUE
    c:\windows\SysWow64\URTTEMP
    c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    DDS::
    mRun: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Immunet Protect"=-
    
    Clearjavacache::
    
    Driver::
    ImmunetProtectDriver
    ImmunetSelfProtectDriver
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    About this entry:
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    This entry is game associated. The site is in Korea. I don't want to mess up your gaming, but want to make sure you know about and downloaded this Active X entry yourself.
    ======================
    About this:
    After running the program it left all of my registry files marked for deletion
    Please take note of the following in the Combofix directions:
    -----------------------------
    About this:
    It also left my computer in some weird font/text size combination,
    This may be the reason:
    If you didn't use IE and didn't follow the Smart Installer notice, you will get "weird font/text."
    --------------------------
    Regarding the entry: SBBD.exe
    This is part of Vipre> Sunbelt Boot Delete Utility. This file is not digitally signed. It is described as "professional driver management tool that can back-up, restore, update, remove and find new drivers for your PC."

    Regarding: VipreRescue. Described as "a command-line utility that will scan and clean an infected computer that is so infected that programs cannot be easily run with AV capabilities."
    ================================
    Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
    ================================
    Did you get the update problem resolver? Are there any remaining problems?

    Please leave logs in your next reply.
  5. stroslose

    stroslose Newcomer, in training Topic Starter Posts: 42

    Thank you for the response Bobbye.

    I am still having issues with ComboFix. It was ComboFix that changed my font. When I run ComboFix I get the following errors:

    All antivirus/antimalware programs are disabled, even tried downloading ComboFix again. Still got the same errors:

    Windows cant find NIRCMD.exe
    Windows cant find NIRKMD
    Windows cant find NIRCMD

    I click ok and ComboFix continues to run until the error message appears again. I did not apply any changes via ComboFix that you suggested above. I wanted to wait and find out what this error message means before I continue.

    ==============================================

    OTM log:

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Breitzig Family\Downloads\_for_Nursing_Care_7th_Edition_(Lehne).exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Breitzig Family
    ->Temp folder emptied: 6311 bytes
    ->Temporary Internet Files folder emptied: 5423117 bytes
    ->Java cache emptied: 5794204 bytes
    ->FireFox cache emptied: 51232828 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 56950 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 56468 bytes

    User: Mcx1-BREITZIGFAM-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 56468 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13467828 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 117053 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 73.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 03052012_121656

    Files moved on Reboot...
    C:\Users\Breitzig Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    =================
    Uninstalled older versions of Java and Java is now updated to current version.

    =================

    Removed files and folders of Immunet and Vipre

    =========================

    I do not recognize this:
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab

    =========================

    Hid windows 2005 C++ update, and that did stop C++ from updating.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    First try to "OK" past all the 'can't find NIRKMD' messages (3?)- see if Combofix will continue. If it will not:

    Uninstall Combofix:
    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
      ------------------------
      Then reinstall Combofix. Try the Fix. You may have to run a new scan, but try without first.
      ==================================
      I'm not aware of anything in Combofix that could or would change the text. But here are directions on How to Add or Change Font.

      This involves a regedit, so please wait until we have finished cleaning, then back up the registry before you begin.
      ===============================
      About the font:
      I explained and documented the 'registry files marked for deletion' but you had already restored. It may be that the restore had something in it that affected the font- I don't think it was actually Combofix.
  7. stroslose

    stroslose Newcomer, in training Topic Starter Posts: 42

    Well that was strange, ComboFix worked great that time without the errors. Must have a gremlin.

    I have fixed the font issue, thanks Bobbye!

    ComboFix Log:


    ComboFix 12-03-04.02 - Breitzig Family 03/06/2012 15:35:59.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5878 [GMT -5:00]
    Running from: c:\users\Breitzig Family\Desktop\ComboFix.exe
    Command switches used :: c:\users\Breitzig Family\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\DRIVE RS\ImmunetSelfProtect.sys"
    "c:\windows\system32\DRIVERS\Immun etProtect.sys"
    "c:\windows\system32\sbbd.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\0x0409.ini
    c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\HP Support Assistant.msi
    c:\users\Administrator\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\DefaultAppPool\AppData\Local\temp
    c:\users\Mcx1-BREITZIGFAM-PC\AppData\Local\temp
    c:\users\Public\AppData\Local\temp
    C:\VIPRERESCUE
    c:\viprerescue\20120219195351.csv
    c:\viprerescue\20120219195351_1.csv
    c:\viprerescue\deep_scan.bat
    c:\viprerescue\Definitions\acertdefs0.std
    c:\viprerescue\Definitions\adsrules.dat
    c:\viprerescue\Definitions\AdviceTx.vdx
    c:\viprerescue\Definitions\api0.std
    c:\viprerescue\Definitions\apincl.dat
    c:\viprerescue\Definitions\apprules.dat
    c:\viprerescue\Definitions\bhmem.vtd
    c:\viprerescue\Definitions\bhsl.vtd
    c:\viprerescue\Definitions\bmem.vtd
    c:\viprerescue\Definitions\CatDesc.vdx
    c:\viprerescue\Definitions\CatID.vdx
    c:\viprerescue\Definitions\cblk.vtd
    c:\viprerescue\Definitions\cmem.vtd
    c:\viprerescue\Definitions\cname.wtd
    c:\viprerescue\Definitions\comp0.std
    c:\viprerescue\Definitions\Cookies.vdx
    c:\viprerescue\Definitions\CoreVer.txt
    c:\viprerescue\Definitions\ctid.vtd
    c:\viprerescue\Definitions\defs0.std
    c:\viprerescue\Definitions\DefVer.txt
    c:\viprerescue\Definitions\dnrl.vdx
    c:\viprerescue\Definitions\EPSigs.vdx
    c:\viprerescue\Definitions\FastSigs.vdx
    c:\viprerescue\Definitions\FileDT.vdx
    c:\viprerescue\Definitions\FolderDT.vdx
    c:\viprerescue\Definitions\fsigs.vdx
    c:\viprerescue\Definitions\hcol.wtd
    c:\viprerescue\Definitions\heur0.std
    c:\viprerescue\Definitions\HistoryCleaner.xml
    c:\viprerescue\Definitions\hstn.vtd
    c:\viprerescue\Definitions\idsrules.dat
    c:\viprerescue\Definitions\ih.vdx
    c:\viprerescue\Definitions\IncompatiblePrograms.dll
    c:\viprerescue\Definitions\incompats.dat
    c:\viprerescue\Definitions\ip.vtd
    c:\viprerescue\Definitions\JSSigs.vdx
    c:\viprerescue\Definitions\kbu.dat
    c:\viprerescue\Definitions\kbu.dll
    c:\viprerescue\Definitions\lgpl.dll
    c:\viprerescue\Definitions\lib7zip.dll
    c:\viprerescue\Definitions\libBase64.dll
    c:\viprerescue\Definitions\libCHM.dll
    c:\viprerescue\Definitions\libEmail.dll
    c:\viprerescue\Definitions\libMachoUniv.dll
    c:\viprerescue\Definitions\libMsCab.dll
    c:\viprerescue\Definitions\libMsi.dll
    c:\viprerescue\Definitions\libNSIS.dll
    c:\viprerescue\Definitions\libOleA.dll
    c:\viprerescue\Definitions\libRar.dll
    c:\viprerescue\Definitions\libRTF.dll
    c:\viprerescue\Definitions\libtd.dll
    c:\viprerescue\Definitions\libVvs.dll
    c:\viprerescue\Definitions\libZip.dll
    c:\viprerescue\Definitions\macroptn.std
    c:\viprerescue\Definitions\MFastSigs.vdx
    c:\viprerescue\Definitions\mime0.std
    c:\viprerescue\Definitions\networkrules.dat
    c:\viprerescue\Definitions\pack0.std
    c:\viprerescue\Definitions\patchw32.dll
    c:\viprerescue\Definitions\qscnf.vdx
    c:\viprerescue\Definitions\qscnr.vdx
    c:\viprerescue\Definitions\RegDT.vdx
    c:\viprerescue\Definitions\rem0.std
    c:\viprerescue\Definitions\remediation.dll
    c:\viprerescue\Definitions\RootCA.wtd
    c:\viprerescue\Definitions\RTmem.vdx
    c:\viprerescue\Definitions\SBFC.dat
    c:\viprerescue\Definitions\SBTS.dat
    c:\viprerescue\Definitions\script0.std
    c:\viprerescue\Definitions\sdll0.std
    c:\viprerescue\Definitions\sel.dat
    c:\viprerescue\Definitions\smim0.std
    c:\viprerescue\Definitions\ThreatCategoryGlossary.xml
    c:\viprerescue\Definitions\ThreatCategoryGlossary.xsd
    c:\viprerescue\Definitions\ThreatDT.vdx
    c:\viprerescue\Definitions\ThreatID.vdx
    c:\viprerescue\Definitions\TImem.vdx
    c:\viprerescue\Definitions\unpck0.std
    c:\viprerescue\Definitions\updater.dll
    c:\viprerescue\Definitions\vcore.dll
    c:\viprerescue\Definitions\VVSSigs.vdx
    c:\viprerescue\Definitions\WebFilterExceptions.dat
    c:\viprerescue\Definitions\white.wtd
    c:\viprerescue\Definitions\white0.std
    c:\viprerescue\Definitions\whmem.wtd
    c:\viprerescue\Definitions\whsl.wtd
    c:\viprerescue\Definitions\wmem.wtd
    c:\viprerescue\sbbd.exe
    c:\viprerescue\SBRC.exe
    c:\viprerescue\SBRE.dll
    c:\viprerescue\SBREDrv.sys
    c:\viprerescue\SBTE.dll
    c:\viprerescue\vipre.dll
    c:\viprerescue\VipreRescueScanner.exe
    c:\viprerescue\x64\sbbd.exe
    c:\viprerescue\x64\SBREDrv.sys
    c:\windows\SysWow64\URTTEMP
    c:\windows\SysWow64\URTTEMP\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_IMMUNETPROTECTDRIVER
    -------\Legacy_IMMUNETSELFPROTECTDRIVER
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-06 20:49 . 2012-03-06 20:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\Temp
    2012-03-05 17:04 . 2012-03-05 17:04 -------- d-----w- C:\_OTM
    2012-02-29 13:54 . 2012-02-29 13:54 -------- d-----w- c:\program files (x86)\ESET
    2012-02-20 00:53 . 2010-11-09 18:56 27472 ----a-w- c:\windows\system32\sbbd.exe
    2012-02-14 19:29 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-14 19:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-14 19:29 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-14 19:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-14 19:29 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-02-14 19:28 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-14 19:28 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-14 19:28 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-14 17:01 . 2012-02-14 17:01 -------- d-----w- c:\program files (x86)\Turbine
    2012-02-13 20:04 . 2012-02-13 20:04 -------- d-----w- c:\users\Breitzig Family\AppData\Local\VS Revo Group
    2012-02-13 20:04 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-02-13 20:04 . 2012-02-13 20:04 -------- d-----w- c:\program files\VS Revo Group
    2012-02-13 16:51 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 14:18 . 2009-10-03 12:21 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-16 13:38 . 2011-05-20 12:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 22:43 . 2011-09-14 14:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-08 07:13 . 2012-03-06 12:06 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23ABC515-0F87-41B0-B8F7-1EA87027D5A7}\mpengine.dll
    2012-01-07 20:18 . 2012-01-07 20:18 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-12-10 20:24 . 2009-09-07 01:55 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2011-09-29 472112]
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2011-12-08 296056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "PWRISOVM.EXE"=c:\program files (x86)\PowerISO\PWRISOVM.EXE
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    "KBD"=c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    "HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "NoTrace"="c:\program files (x86)\No Trace\NoTrace2.exe" -mini
    "TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "PMBVolumeWatcher"=c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 dev5_ap1;dev5_ap1;c:\phpdev5\apache\Apache.exe [2011-06-25 20480]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-02 428200]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-25 140672]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/07 21:42];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 19:50 146928]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-05 988216]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-05 399416]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-07 1403208]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - EraserUtilRebootDrv
    *Deregistered* - IDSVia64
    *Deregistered* - SRTSPX
    *Deregistered* - SymEvent
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMTDI
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-06 23:03]
    .
    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]
    .
    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 21:07]
    .
    2012-03-05 c:\windows\Tasks\HPCeeScheduleForBreitzig Family.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF26509.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    uStart Page =
    mStart Page = hxxp://www.comcast.net/
    mLocal Page = %SystemRoot%\system32\blank.htm
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    FF - ProfilePath - c:\users\Breitzig Family\AppData\Roaming\Mozilla\Firefox\Profiles\pi8q43dt.default\
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:90,57,1a,ca,dc,6f,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\xampp\mysql\bin\mysqld.exe
    c:\windows\SysWOW64\UStorSrv.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-06 15:58:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-06 20:58
    .
    Pre-Run: 435,354,779,648 bytes free
    Post-Run: 435,123,601,408 bytes free
    .
    - - End Of File - - 947A30A679B746104C8F49589E5EA695
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay- looking good. Repeating Windows Update fixed. Weird font and text fixed. Combofix looks good- we'll just remove this one entry: I have a magic wand I wave over problem programs to make them work- I think it runs about 50/50! Lucky, you got the 'good' 50 that works. :)

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DPF: {559E87DD-406C-43C9-BE70-3C902331CA6B} - hxxp://windybeta.xcdnplus.co.kr/windydev/sd/common/cab/service/1046/WZMngrAx.cab
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Save the log, but I don't need this log unless something new comes up.
    ====================
    Let me know if anything else is going on.
  9. stroslose

    stroslose Newcomer, in training Topic Starter Posts: 42

    lol.... I think your magic wand worked last time too. I ran Combofix, everything looks good. Knock on wood.

    I appreciate you taking the time to help resolve my computer problems.

    Thank you Bobbye!
    Scott
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You're very welcome Scott! Nice to know the wand worked! Sometimes I think I might have to trade it in for new one.

    It is possible that the excess security could have 'locked you out.' You can go ahead with the following:

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
    ======================================
    You and your nice clean, updating computer can now enjoy the weekend.
  11. stroslose

    stroslose Newcomer, in training Topic Starter Posts: 42

    Thank You Bobbye, I truly appreciate your time!!
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You're very welcome.