  #11  
Old 24th May 2009, 11:18
Donor Group
 
I didn't find a C:/combofix.txt, but the one I posted the first time was C:\combofix.txt. Was the front slash in your above post a typo, or should there be a C:/combofix.txt? The file I THINK you want is just called C:\Combofix, without the .txt, and it was in a folder called the same thing, along with 234 other files of varying type (all ComboFix files of varying type) and another folder containing 6 more files. It looks incomplete to me, as it terminates right after "scanning hidden autostart entries ..." and there is no terminal message (if I have the term correct for the EOF). Anyway, here is what I could find:

ComboFix 09-05-23.04 - Shirley 05/24/2009 9:36:57.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.2203 [GMT -4:00]
Running from: C:\Users\Shirley\Desktop\ComboFix.exe
Command switches used :: C:\Users\Shirley\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 11:58:04 . 2009-05-24 11:58:04 0 d-----w C:\ProgramData\NortonInstaller
2009-05-22 23:57:08 . 2009-05-24 08:58:46 117760 ----a-w C:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:56:40 . 2009-05-22 23:56:40 0 d-----w C:\ProgramData\SUPERAntiSpyware.com
2009-05-22 23:52:35 . 2009-05-22 23:52:39 0 d-----w C:\Program Files\SUPERAntiSpyware
2009-05-22 23:52:35 . 2009-05-22 23:52:35 0 d-----w C:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
2009-05-22 20:36:31 . 2009-05-22 20:36:31 0 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-05-22 15:06:36 . 2009-02-05 20:06:20 51376 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2009-05-22 15:06:36 . 2009-02-05 20:06:10 23152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2009-05-22 15:06:35 . 2009-02-05 20:07:23 114768 ----a-w C:\Windows\system32\drivers\aswSP.sys
2009-05-22 15:06:35 . 2009-02-05 20:07:12 20560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2009-05-22 15:06:35 . 2009-02-05 20:04:45 97480 ----a-w C:\Windows\system32\AvastSS.scr
2009-05-22 15:06:13 . 2009-02-05 20:11:35 1256296 ----a-w C:\Windows\system32\aswBoot.exe
2009-05-22 15:06:13 . 2009-02-05 20:06:59 51792 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2009-05-22 15:06:11 . 2009-05-22 15:06:11 0 d-----w C:\Program Files\Alwil Software
2009-05-22 04:38:16 . 2009-05-22 04:38:16 738120 ----a-w C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 12:43:28 . 2008-06-20 01:14:34 97800 ----a-w C:\Windows\system32\infocardapi.dll
2009-05-20 12:43:26 . 2008-06-20 01:14:45 105016 ----a-w C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 12:43:24 . 2008-06-20 01:14:34 11264 ----a-w C:\Windows\system32\icardres.dll
2009-05-20 12:43:24 . 2008-06-20 01:14:33 622080 ----a-w C:\Windows\system32\icardagt.exe
2009-05-20 12:43:23 . 2008-06-20 01:14:45 43544 ----a-w C:\Windows\system32\PresentationHostProxy.dll
2009-05-20 12:43:20 . 2008-06-20 01:14:45 781344 ----a-w C:\Windows\system32\PresentationNative_v0300.dll
2009-05-20 12:43:15 . 2008-06-20 01:14:45 326160 ----a-w C:\Windows\system32\PresentationHost.exe
2009-05-20 12:33:09 . 2008-07-27 18:03:16 96760 ----a-w C:\Windows\system32\dfshim.dll
2009-05-20 12:33:04 . 2008-07-27 18:03:17 282112 ----a-w C:\Windows\system32\mscoree.dll
2009-05-20 12:33:02 . 2008-07-27 18:03:17 41984 ----a-w C:\Windows\system32\netfxperf.dll
2009-05-20 12:32:39 . 2008-07-27 18:03:17 158720 ----a-w C:\Windows\system32\mscorier.dll
2009-05-20 12:32:33 . 2008-07-27 18:03:17 83968 ----a-w C:\Windows\system32\mscories.dll
2009-05-20 11:39:50 . 2009-05-20 11:39:50 0 d-----w C:\Program Files\Microsoft Silverlight
2009-05-20 04:03:02 . 2009-05-20 11:00:07 0 d-----w C:\Program Files\Windows Live Safety Center
2009-05-19 23:20:30 . 2009-05-19 23:20:35 0 d-----w C:\Users\Shirley\AppData\Local\Acer DV Magician
2009-05-19 23:10:14 . 2009-05-19 23:10:14 0 d-----w C:\Windows\Sun
2009-05-19 20:40:59 . 2009-05-19 20:40:59 0 d-----w C:\Users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40:47 . 2009-05-19 11:41:04 38200 ----a-w C:\Users\Shirley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 18:24:38 . 2009-05-24 08:57:18 0 d-----w C:\Users\Shirley\AppData\Local\Eraser
2009-05-19 18:24:34 . 2009-05-19 18:24:34 0 d--h--w C:\Users\Shirley\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-19 18:24:32 . 2009-05-19 18:24:32 0 d-----w C:\Program Files\Eraser
2009-05-19 17:20:42 . 2009-05-19 17:20:42 0 d-----w C:\Users\Shirley\AppData\Roaming\eSobi
2009-05-19 17:11:12 . 2008-07-10 06:32:30 538 ----a-w C:\Windows\system32\RegRaidSedona.bat
2009-05-19 17:07:38 . 2009-05-19 17:07:38 0 d-----w C:\NVIDIA
2009-05-19 14:04:08 . 2009-05-19 14:05:56 0 d-----w C:\Program Files\Spybot - Search & Destroy
2009-05-19 14:04:08 . 2009-05-19 14:05:53 0 d-----w C:\ProgramData\Spybot - Search & Destroy
2009-05-19 13:01:42 . 2009-05-19 13:01:42 0 d-----w C:\Users\Shirley\AppData\Roaming\WinPatrol
2009-05-19 13:01:42 . 2006-09-18 21:43:37 10 ----a-w C:\Users\Shirley\AppData\Roaming\WinPatrol\Config.sys
2009-05-19 13:01:42 . 2006-09-18 21:43:36 24 ----a-w C:\Users\Shirley\AppData\Roaming\WinPatrol\Autoexec.bat
2009-05-19 13:01:34 . 2009-05-19 13:01:34 0 d-----w C:\Program Files\BillP Studios
2009-05-19 12:26:12 . 2009-05-19 12:26:12 0 d-----w C:\Users\Shirley\AppData\Roaming\Malwarebytes
2009-05-19 12:26:10 . 2009-04-06 19:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
2009-05-19 12:26:08 . 2009-04-06 19:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2009-05-19 12:26:06 . 2009-05-19 13:22:23 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-19 12:26:06 . 2009-05-19 12:26:06 0 d-----w C:\ProgramData\Malwarebytes
2009-05-19 11:53:31 . 2009-05-19 11:53:31 0 ----a-w C:\Windows\nsreg.dat
2009-05-19 11:53:30 . 2009-05-19 11:53:30 0 d-----w C:\Users\Shirley\AppData\Local\Mozilla
2009-05-19 11:41:09 . 2009-05-19 11:41:10 0 d-----w C:\Program Files\Common Files\Adobe AIR
2009-05-19 11:38:37 . 2009-05-19 12:45:09 0 d-----w C:\ProgramData\NOS
2009-05-19 11:29:04 . 2009-05-19 11:29:04 0 d-----w C:\Users\Shirley\AppData\Local\Seven Zip
2009-05-19 10:41:27 . 2009-03-19 20:32:48 23400 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2009-05-19 10:41:27 . 2008-04-17 16:12:54 107368 ----a-w C:\Windows\system32\GEARAspi.dll
2009-05-19 10:41:15 . 2009-05-20 01:10:30 0 d-----w C:\Program Files\iPod
2009-05-19 10:41:12 . 2009-05-19 10:41:26 0 d-----w C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:41:12 . 2009-05-19 10:41:26 0 d-----w C:\Program Files\iTunes
2009-05-19 10:38:36 . 2009-05-19 10:38:59 0 d-----w C:\Program Files\QuickTime
2009-05-19 10:34:53 . 2009-05-19 10:34:53 75048 ----a-w C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 10:34:27 . 2009-05-19 10:34:27 0 d-----w C:\Program Files\Bonjour
2009-05-19 10:33:13 . 2009-05-19 10:33:13 416128 ----a-w C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-19 10:29:55 . 2009-05-19 10:29:44 410984 ----a-w C:\Windows\system32\deploytk.dll
2009-05-12 02:36:38 . 2009-05-12 02:36:38 2930 ---h--w C:\Windows\ms49f4d98.dat
2009-05-11 23:55:23 . 2009-04-14 00:39:31 4656976 ----a-w C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:58:21 . 2009-02-17 13:54:42 602 ----a-w C:\ProgramData\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-05-24 04:22:39 . 2008-09-12 01:46:41 0 d-----w C:\Program Files\Google
2009-05-20 11:55:41 . 2008-09-11 17:01:53 104472 ----a-w C:\Users\Shirley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-20 11:51:16 . 2008-02-05 19:30:01 0 d-----w C:\ProgramData\Microsoft Help
2009-05-20 11:49:47 . 2008-02-05 19:31:27 0 d-----w C:\Program Files\Microsoft Works
2009-05-20 03:54:10 . 2008-09-12 14:01:36 0 d-----w C:\Program Files\Lx_cats
2009-05-20 00:42:53 . 2008-02-05 20:19:47 0 d-----w C:\Program Files\Common Files\Adobe
2009-05-19 23:28:10 . 2008-02-05 19:26:17 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-05-19 23:27:36 . 2008-02-05 19:49:19 0 d-----w C:\Program Files\Acer Arcade Live
2009-05-19 23:20:35 . 2008-09-15 23:24:03 0 d-----w C:\Users\Shirley\AppData\Roaming\CyberLink
2009-05-19 21:38:46 . 2008-09-12 20:56:57 0 d-----w C:\Program Files\Common Files\SureThing Shared
2009-05-19 21:04:14 . 2008-09-12 14:09:04 1664 ----a-w C:\Users\Shirley\AppData\Roaming\wklnhst.dat
2009-05-19 17:29:20 . 2009-03-04 15:55:32 0 d-----w C:\Users\Shirley\AppData\Roaming\Sony
2009-05-19 17:20:18 . 2008-02-05 19:22:02 0 d-----w C:\ProgramData\NVIDIA
2009-05-19 16:54:17 . 2008-02-05 18:03:02 36864 ----a-w C:\Windows\system32\nvcod100.dll
2009-05-19 16:54:17 . 2007-10-25 11:02:00 147456 ----a-w C:\Windows\system32\nvcolor.exe
2009-05-19 16:13:12 . 2008-09-12 01:47:41 0 d-----w C:\Users\Shirley\AppData\Roaming\LimeWire
2009-05-19 11:32:06 . 2008-02-05 20:08:24 0 d-----w C:\Program Files\Yahoo!
2009-05-19 11:05:41 . 2008-09-12 01:45:18 0 d-----w C:\Program Files\Java
2009-05-19 10:41:14 . 2008-09-13 03:14:50 0 d-----w C:\Program Files\Common Files\Apple
2009-05-19 10:38:31 . 2008-09-13 03:15:59 0 d-----w C:\ProgramData\Apple Computer
2009-05-11 12:10:06 . 2009-05-11 12:10:06 78260 ----a-w C:\ProgramData\SPL23D4.tmp
2009-04-17 10:12:51 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
2009-04-02 22:13:51 . 2009-04-02 22:13:51 702127 ----a-w C:\ProgramData\SPLFB91.tmp
2009-03-19 20:32:48 . 2009-03-19 20:32:48 23400 ----a-w C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38:46 . 2009-04-17 05:22:28 13824 ----a-w C:\Windows\system32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-17 05:22:28 24064 ----a-w C:\Windows\system32\amxread.dll
2009-03-08 11:34:57 . 2009-05-20 03:47:49 914944 ----a-w C:\Windows\system32\wininet.dll
2009-03-08 11:34:28 . 2009-05-20 03:47:54 43008 ----a-w C:\Windows\system32\licmgr10.dll
2009-03-08 11:33:38 . 2009-05-20 03:47:56 18944 ----a-w C:\Windows\system32\corpol.dll
2009-03-08 11:33:17 . 2009-05-20 03:47:50 109056 ----a-w C:\Windows\system32\iesysprep.dll
2009-03-08 11:33:16 . 2009-05-20 03:47:49 109568 ----a-w C:\Windows\system32\PDMSetup.exe
2009-03-08 11:33:15 . 2009-05-20 03:47:50 107520 ----a-w C:\Windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33:15 . 2009-05-20 03:47:50 103936 ----a-w C:\Windows\system32\SetDepNx.exe
2009-03-08 11:33:15 . 2009-05-20 03:47:49 132608 ----a-w C:\Windows\system32\ieUnatt.exe
2009-03-08 11:33:15 . 2009-05-20 03:47:49 107008 ----a-w C:\Windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33:04 . 2009-05-20 03:47:52 420352 ----a-w C:\Windows\system32\vbscript.dll
2009-03-08 11:32:54 . 2009-05-20 03:47:57 72704 ----a-w C:\Windows\system32\admparse.dll
2009-03-08 11:32:49 . 2009-05-20 03:47:54 71680 ----a-w C:\Windows\system32\iesetup.dll
2009-03-08 11:32:38 . 2009-05-20 03:47:53 66560 ----a-w C:\Windows\system32\wextract.exe
2009-03-08 11:32:32 . 2009-05-20 03:47:50 169472 ----a-w C:\Windows\system32\iexpress.exe
2009-03-08 11:31:37 . 2009-05-20 03:47:55 34816 ----a-w C:\Windows\system32\imgutil.dll
2009-03-08 11:31:17 . 2009-05-20 03:47:57 48128 ----a-w C:\Windows\system32\mshtmler.dll
2009-03-08 11:31:00 . 2009-05-20 03:47:50 45568 ----a-w C:\Windows\system32\mshta.exe
2009-03-08 11:22:37 . 2009-05-20 03:47:56 156160 ----a-w C:\Windows\system32\msls31.dll
2009-03-03 04:46:01 . 2009-04-17 05:22:44 3599328 ----a-w C:\Windows\system32\ntkrnlpa.exe
2009-03-03 04:46:01 . 2009-04-17 05:22:44 3547632 ----a-w C:\Windows\system32\ntoskrnl.exe
2009-03-03 04:39:36 . 2009-04-17 05:22:41 183296 ----a-w C:\Windows\system32\sdohlp.dll
2009-03-03 04:39:32 . 2009-04-17 05:22:44 551424 ----a-w C:\Windows\system32\rpcss.dll
2009-03-03 04:39:22 . 2009-04-17 05:22:41 26112 ----a-w C:\Windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37:11 . 2009-04-17 05:22:41 98304 ----a-w C:\Windows\system32\iasrecst.dll
2009-03-03 04:37:11 . 2009-04-17 05:22:41 54784 ----a-w C:\Windows\system32\iasads.dll
2009-03-03 04:37:11 . 2009-04-17 05:22:41 44032 ----a-w C:\Windows\system32\iasdatastore.dll
2009-03-03 03:04:59 . 2009-04-17 05:22:42 666624 ----a-w C:\Windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38:13 . 2009-04-17 05:22:41 17408 ----a-w C:\Windows\system32\iashost.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-24_08.54.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58:01 . 2009-05-24 09:00:01 60532 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2009-05-24 09:00:02 79788 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-11 16:57:17 . 2009-05-24 12:59:35 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-11 16:57:17 . 2009-05-24 08:40:06 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-11 16:57:16 . 2009-05-24 08:40:06 81920 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-11 16:57:16 . 2009-05-24 12:59:35 81920 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-11 16:57:17 . 2009-05-24 12:59:35 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-11 16:57:17 . 2009-05-24 08:40:06 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-11 17:14:54 . 2009-05-24 09:00:02 8036 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2982904736-3036701459-4244829226-1000_UserData.bin
- 2009-05-24 08:39:36 . 2009-05-24 08:39:36 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-24 08:58:05 . 2009-05-24 08:58:05 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-24 08:58:05 . 2009-05-24 08:58:05 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-24 08:39:36 . 2009-05-24 08:39:36 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-12 19:37:00 . 2009-05-24 13:15:03 288206 C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 10:33:01 . 2009-05-24 09:02:43 595446 C:\Windows\System32\perfh009.dat
- 2006-11-02 10:33:01 . 2009-05-24 08:44:08 595446 C:\Windows\System32\perfh009.dat
- 2006-11-02 10:33:01 . 2009-05-24 08:44:08 101144 C:\Windows\System32\perfc009.dat
+ 2006-11-02 10:33:01 . 2009-05-24 09:02:43 101144 C:\Windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 21:51:58 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 23:03:28 916240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 18:21:58 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 21:50:06 34552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-10 02:43:26 326176]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 00:37:40 630784]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 20:43:10 3387392]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2008-11-12 21:06:20 203296]
"LXCECATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 12:17:00 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 17:11:10 205744]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 17:13:32 103344]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 23:38:26 188728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 20:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 20:11:02 342312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 10:29:44 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 21:10:28 35696]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 16:07:26 337216]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-01-16 07:42:00 13683232]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2009-01-16 07:42:00 92704]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-10-11 18:53:22 4702208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05:34 356352 ----a-w C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B}"= UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{61DAEE1D-D19E-4F1A-B41E-603246AF524C}"= TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{EB8798E6-358B-4DDA-A219-21BBC5D3C79A}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{99976595-B4E1-4C9A-A3DE-A67AEDEE9B55}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7A37205C-E643-4464-8C27-FAFCC859102D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1DF156D1-94E3-4B3D-A91E-724DFC89819E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D7D156E3-7B84-41F2-9FD8-CF9860453F65}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F6A110DE-6630-4823-B892-60950EB9ED71}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8640BFAB-1B85-48CC-95D5-9AABB44E4D95}"= UDP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{6CC4A3BE-8F00-4983-B199-3050D54509B8}"= TCP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{DDDCF108-71DF-48CD-AD53-71D17C3F2C5C}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F98C3B13-2099-40EC-B504-2445C9C5B1B0}"= UDP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{3DB81CCD-4E96-40B3-8CA9-0089C89C294B}"= TCP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{918FE1A4-6957-4640-97D9-C85BED212614}"= UDP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{877DB07F-9298-486A-BB5B-930AF3A683AA}"= TCP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{5A664831-D250-4805-BB75-32612C9742F8}"= UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"{2A157C0E-5966-4B7E-8D49-178D75EA6009}"= TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"{7456A750-A673-4875-A136-BF5BD99C2FA0}"= UDP:C:\Users\Shirley\AppData\Local\Temp\7zSF624.tmp\SymNRT.exe:Norton Removal Tool
"{12D7CA5D-7D5D-4B9F-B0C2-08AF17F55210}"= TCP:C:\Users\Shirley\AppData\Local\Temp\7zSF624.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [5/22/2009 11:06:35 AM 114768]
R1 FAMv4;FAMv4;C:\Windows\System32\drivers\FAMv4.sys [12/14/2007 3:35:32 PM 132120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22:00 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22:00 PM 72944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [5/22/2009 11:06:35 AM 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [5/22/2009 11:06:13 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54:42 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55:04 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04:12 AM 1153368]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22:02 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - C:\Users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 09:41:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x034535E8

scanning hidden autostart entries ...

I'll keep digging while I wait for your reply, but nothing different has come up in the Start>Search box.

EDIT: I see Windows Defender was enabled. I would have sworn I turned it off but obviously I didn't. Would that probably be what caused the meltdown? Also I see Spybot is "out of date." LOL I updated it yesterday or maybe the day before, the days are running together now since they have all been one, but I learned something. ALWAYS update even if it's only been a day.......
  #12  
Old 25th May 2009, 01:25
Malware Group
 
Hi Bubba

Quote:
Was the front slash in your above post a typo
All apologies, yes it was!

Are you getting any specific error codes while windows is trying to update? Have you checked the windows update service is running?

To check to see if the service is running.
Press Windows key & R to bring up the Run dialogue.
Type in the following: services.msc
This will bring up a list of services on the computer.
Scroll down and look for this service:
Windows Update
Double click on the service name and check the status; it should be set to Automatic (Delayed Start).

Not sure why ComboFix is failing; usually it is down to protection blocking it, but malware can also play a part.

Let's run a GMER scan.

Download GMER Rootkit Scanner from here or here.
I want you to rename GMER before you save it to your hard drive - save the file under the name of ark
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop and copy and paste this in your next reply


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Update me on how things are. Are updates available yet?
__________________
Proud member of ASAP & UNITE
  #13  
Old 25th May 2009, 11:31
Donor Group
 
Why didn't we try to run combofix again? Is it because where it hung up was the portion where GMER started so we just ran that part separately? At least looking at the Combofix log it looked like it said something about GMER running I think.

Oh, and I wasn't being a smart aleck about the front slash; way back in the dark ages when I was learning computers (before Windows, lol) the front slash was used a bunch. I don't recall seeing it lately; maybe it has faded somewhat to ease confusion. Anyway, here's the GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-25 14:24:29
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8E4BFDF0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

BTW: It didn't try to fix anything or even tell me it was done as near as I could see. I just looked up and nothing was running anymore. I waited another 10 minutes to be sure.

EDIT: Whoops, I forgot. I checked where you said for the update service and it is set up correctly. I tried to run it again and still get the same error message: code 80072efd, which says there is a firewall preventing Windows from updating.
  #14  
Old 25th May 2009, 12:04
Malware Group
 
Hi Bubba

I ran GMER as opposed to ComboFix as I wanted to double check nothing was rootkitted and preventing ComboFix from doing its job fully. It's been a while since I ran GMER, but I do recall it not notifying me it had completed too.

Quote:
Oh, and I wasn't being a smart aleck about the front slash
No offense taken, it was a typo error which you picked up on, my fingers trying to go too fast!

Thanks for the message code; it is possible it is down to the firewall and not malware. Take a look at the article below and see if it helps solve the problem.

Article - Windows Update error 80072efd

Let me know how you go on....
  #15  
Old 25th May 2009, 12:17
Donor Group
 
I read that one and this one: http://support.microsoft.com/?kbid=836941 and they didn't help. That is why I was hopeful when you keyed on those two proxy things when we ran ComboFix:
DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

That is why I also went through every file trying to find any other firewalls or AV's lol.
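The checks the helper asked for in post #12 (is the Windows Update service running and set to Automatic (Delayed Start)?) and the two per-user proxy entries quoted in this post can be scripted rather than clicked through. The PowerShell below is an added example and not anything posted in this thread; it assumes PowerShell 2.0 or later on the Vista machine and an elevated prompt, and it only reads settings. It also reports the two values visible in the posted ComboFix log that a practitioner would not want to leave in place, EnableFirewall = 0 under StandardProfile and EnableLUA = 0 (UAC off). The localhost-proxy test encodes one hypothesis about the 80072efd result (WinINet/WinHTTP error 12029, "cannot connect"): a per-user proxy of http=localhost:7171 with nothing listening on that port would produce exactly that error. That is an assumption for the reader to test, not a finding the thread confirms.

```powershell
# Added example (not from the thread): read-only checks for a Windows Update
# 80072efd failure on Vista. Requires PowerShell 2.0+ and an elevated prompt.
# Nothing here modifies the system.

function Get-WuServiceState {
    # wuauserv is the Windows Update service shown as "Windows Update" in services.msc
    $svc = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
    # DelayedAutostart=1 is what the Services console displays as "Automatic (Delayed Start)"
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'
    $delayed = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DelayedAutostart
    New-Object PSObject -Property @{
        State     = $svc.State        # Running / Stopped
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
        Delayed   = ($delayed -eq 1)
    }
}

function Get-UserProxy {
    # Per-user WinINet settings; this is the key where ComboFix reported
    # ProxyServer = http=localhost:7171 and ProxyOverride = <local>;*.local
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
    }
}

function Test-LocalhostProxy {
    param([string]$ProxyServer)
    # Assumption being tested: a proxy that points back at this machine, with no
    # listener on that port, fails every outbound HTTP connect (error 12029 = 0x80072EFD).
    if (-not $ProxyServer) { return $false }
    return ($ProxyServer -match '(^|=)(localhost|127\.0\.0\.1):\d+')
}

function Get-SecurityDowngrades {
    # The two weakened settings visible in the posted ComboFix "Reg Loading Points" section.
    $fw  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $findings = @()
    if ((Get-ItemProperty -Path $fw  -ErrorAction SilentlyContinue).EnableFirewall -eq 0) {
        $findings += 'Windows Firewall (standard profile) is disabled: EnableFirewall = 0'
    }
    if ((Get-ItemProperty -Path $uac -ErrorAction SilentlyContinue).EnableLUA -eq 0) {
        $findings += 'UAC is disabled: EnableLUA = 0'
    }
    return $findings
}

Get-WuServiceState | Format-List
$proxy = Get-UserProxy
$proxy | Format-List
if (Test-LocalhostProxy $proxy.ProxyServer) {
    Write-Warning "Per-user proxy points at the local machine: $($proxy.ProxyServer)"
}
# The update agent runs as a service and uses the machine-wide WinHTTP proxy,
# which is configured separately from the per-user IE proxy above.
netsh winhttp show proxy
Get-SecurityDowngrades
```

If the script warns about a localhost proxy and `netstat -an` shows nothing listening on that port, removing the per-user ProxyServer/ProxyEnable values and running `netsh winhttp reset proxy` is the next thing to try; that is a suggested follow-up, not a step the thread itself took.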
  #16  
Old 25th May 2009, 13:03
Malware Group
 
Hi Bubba

Let's reset the Security Centre and see if that cures the problem.

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
REM Stop the WMI service. /y answers the "dependent services will also stop" prompt
REM (Security Center depends on winmgmt) so the batch does not hang waiting for input.
net stop winmgmt /y
cd /d %windir%\system32\wbem
REM Rename rather than delete, so the old repository can be put back if needed.
ren repository repository.old
REM WMI rebuilds the repository on start. Security Center will report "off" until a reboot.
net start winmgmt
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixme.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixme.bat from the Desktop.

Let me know how things go
  #17  
Old 25th May 2009, 13:28
Donor Group
 
I ran it and now it says Security Center is turned off. I also just tried to update and get the same error as I have been getting. I also tried manually again via IE > microsoft.com > updates > search for updates and get the same message. Should I turn the Security Center back on?

NOTE: Before I started this thread I did download and install IE8.
  #18  
Old 25th May 2009, 13:49
Donor Group
 
Addition to above post: I rebooted and security center came back on, still won't update, same error code.
  #19  
Old 25th May 2009, 13:51
Malware Group
 
Try turning it back on again and rebooting the computer. Regarding IE8: did the problem exist before installing IE8?
  #20  
Old 25th May 2009, 13:57
Malware Group
 
Looks like we crossed post there!

I want you to post a fresh combofix log so I can see if anything has changed.

First I want you to delete the version of combofix that you currently have on the desktop

Once done....

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Double click on Combo-Fix.exe & follow the prompts.
When finished post back the resulting log
Copyright ©2006 - 2009 Computer Juice.
