MySickComputer

Honorary Members
  • Posts

    25

Posts posted by MySickComputer

  1. In some cases it's unable to restore some files depending on location and file permissions. Please try starting your applications and make sure all of them run as expected. Check for updates to your antivirus as well as Windows updates. Make sure you create a new System Restore point and if all still seems okay go ahead and clear the quarantine folder if you like but there is nothing wrong with leaving the files there for a few days just to make sure.
    It is not allowing any of these 921 quarantines to be restored. Assuming I am understanding what restore actually does, shouldn't they vanish from quarantine after being restored? Can I just leave all 921 dlls in quarantine if everything else is working fine? Is restore the same as "clear"?
  2. @MySickComputer

    Please see the post here for help with this if needed.

    If you're still up and running then do not reboot. From the quarantine tab select the Restore All button. Some of the files may not be able to be restored depending on the OS and other issues.

    Otherwise please follow the directions from this post or let us know what additional issues you're having trying to follow those directions.

    http://forums.malwar...howtopic=125136

    Thanks again

    I did "Restore All" in regular mode but none of them were restored. I have done both of the fixes in that post. Running XP and have rebooted numerous times with no hiccups, just can't figure out this 921 files quarantined issue. I have not enabled MB protection. MB version says "Build Date 4/4/2013 11:50 am"

  3. You can also uncheck the automatic quarantine. Then it would alert you and ask you what you want to do. I would open the program and check the Quarantine tab again and make sure no files are left if there are then try again to restore those.

    Then start running and testing other programs you have and make sure they seem to run okay as well.

    I have 921 files in Quarantine, mostly system32 dlls.

    Is there anything MB can do to help know what is what?

  4. Please try the following if you can get the file downloaded to your affected PC:

    Use the Malwarebytes Anti-Malware False Positive Fix Tool:

    • Make certain you are logged in as an administrator
    • Download the Malwarebytes Anti-Malware FP Fix Tool from here and save it to a convenient location such as your desktop
    • Extract all of the files to a folder and run RunThis.bat. NOTE: Windows Vista, Windows 7 and Windows 8 users must right-click on the file and choose Run as Administrator and click Yes or Continue to any User Account Control prompts
    • Restart your system and verify that it is now working properly

    If you continue to have trouble, please contact Support directly via this link and they will assist you further.

    Thanks

    Well it finished running after about 35 minutes and on the reboot everything is pretty much back to normal. Windows defender claimed it had 3 new dll Trojans which I quarantined. MB is back but not enabled. Is it safe to enable it now?

  5. I think I've got a pretty bad zero access root kit or something like http://forums.malwarebytes.org/index.php?showtopic=20639

    Turned on PC today and had the MB alerts going crazy.... long story short I have just recently been able to gain access to the web again using dial-a-fix and others which has probably hosed my PC for good. I cannot access firefox browser or system restore. Please help or at least confirm I need to wipe the hard drive.

  6. all seems to be going well Kenny94, really appreciate all the help. :)

    have one other question.

    do you recommend any particular external hard drive backup system?

    i see a bunch of "Clickfree" brands on ebay.

    i would like to purchase one but have no clue which ones are the best.

    definitely want one that will do its job if i ever have to flatten (format) my hard drive.

  7. I would change any financial site passwords. To be on the safe side. ATF cleaner and CCleaner are similar.

    As for Combofix. Please do the below:

    To remove all of the tools we used and the files and folders they created, please do the following:

    Please download OTC.exe by OldTimer:

    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Okay Kenny94, everything is looking good here i think... ran the OTC.exe and that seems to have removed combofix successfully.

    I went ahead and placed most of the other logs/tools in their own folder for reference sake.

    Been using several of your suggested tools and have a few questions:

    Is Defraggler (i've used it for years) an adequate defrag or are the 2 you mentioned better?

    The secunia scan found about 8 things needing updates, the most striking was IE 8 with about 100 hyperlinks... i rarely use IE so is this of any concern?

    windowsupdate.com looks like it only works with IE, is there a way to get ms update status in firefox?

  8. You might want to use ATF for firefox:

    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only


    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    If you use Firefox browser

    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    By the way, You might want to remove the Registry cleaners you have installed... :) They are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

    For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

    Further reading: XP Fixes Myth #1: Registry Cleaners

    http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ran ATF, looks like it does about the same thing as CCleaner yes?

    i run CCleaner at least once a week.

    good to know about registry cleaners...

    just ran the uninstall combofix (looked very similar to the install process) and have attached the log.

    i'm going to install the NoScript and WOT (Web Of Trust) since firefox is and has been my default browser for over 5 years.

    assuming everything here is done/fixed i just have one more question: how likely is identity / banking info theft from this severe intrusion by TDL3 ?

    combofix UNinstall log 051511.txt

  9. good to hear java is okay.

    pc was doing pretty well up until i noticed a double instance of "dllhost.exe" in task manager last night.

    i tried deleting it several different ways but it always came back.

    i ran a full scan using avira (attached).

    logged on this morning and have not seen the dllhost.exe in task manager but firefox browser is not opening correctly (i'm using chrome right now).

    when firefox finally opens (after a few minutes) i get about 15 "plugin-container.exe" and 4 "AcroRd32.exe" in task mgr

    any ideas?

    AVSCAN-2011 0514.txt

  10. "Instead of attaching, please copy/paste both logs into your Thread"

    DDS (Ver_11-03-05.01) - NTFSx86

    Run by Paul Russell at 21:10:31.56 on Sat 05/14/2011

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.233 [GMT -7:00]

    .

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    FW: McAfee Personal Firewall Plus *Disabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    svchost.exe

    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    svchost.exe

    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    C:\Program Files\Toshiba\Tvs\TvsTray.exe

    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Documents and Settings\Paul Russell\Desktop\dds.scr

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mSearch Bar = hxxp://www.google.com/ie

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

    uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"

    mRun: [TPSMain] TPSMain.exe

    mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"

    mRun: [synTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"

    mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

    mRun: [smoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"

    mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe

    mRun: [NDSTray.exe] NDSTray.exe

    mRun: [TFncKy] TFncKy.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [CFSServ.exe] CFSServ.exe -NoClient

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    Trusted Zone: microsoft.com\www.update

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\docume~1\paulru~1\applic~1\mozilla\firefox\profiles\taikida1.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

    FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll

    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    FF - plugin: c:\program files\windows media player\npatgpc.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.cache.memory.capacity - 16000

    FF - user.js: browser.chrome.favicons - false

    FF - user.js: browser.display.show_image_placeholders - true

    FF - user.js: browser.turbo.enabled - true

    FF - user.js: browser.urlbar.autocomplete.enabled - true

    FF - user.js: browser.urlbar.autofill - true

    FF - user.js: content.max.tokenizing.time - 3000000

    FF - user.js: content.maxtextrun - 4095

    FF - user.js: content.notify.backoffcount - 5

    FF - user.js: content.notify.interval - 1000000

    FF - user.js: content.notify.ontimer - true

    FF - user.js: content.switch.threshold - 1000000

    FF - user.js: dom.disable_window_status_change - true

    FF - user.js: network.http.max-connections - 48

    FF - user.js: network.http.max-connections-per-server - 16

    FF - user.js: network.http.max-persistent-connections-per-proxy - 16

    FF - user.js: network.http.max-persistent-connections-per-server - 8

    FF - user.js: network.http.pipelining - true

    FF - user.js: network.http.pipelining.firstrequest - true

    FF - user.js: network.http.pipelining.maxrequests - 8

    FF - user.js: network.http.proxy.pipelining - true

    FF - user.js: network.http.request.max-start-delay - 0

    FF - user.js: nglayout.initialpaint.delay - 1000

    FF - user.js: plugin.expose_full_path - true

    FF - user.js: ui.submenuDelay - 0

    FF - user.js: yahoo.homepage.dontask - true

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-14 11608]

    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-1-4 80640]

    R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2009-3-14 11264]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-14 136360]

    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-14 269480]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-14 61960]

    R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2006-1-11 137344]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-31 363344]

    R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2006-1-11 12032]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-31 20952]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-1 135664]

    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2006-1-25 95232]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-1 135664]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-7-28 14336]

    S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-1-5 126976]

    S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-1-5 122368]

    S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-7-28 245760]

    .

    =============== Created Last 30 ================

    .

    2011-05-15 02:41:20 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-05-15 02:04:58 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2011-05-15 02:04:57 -------- d-----w- c:\program files\Avira

    2011-05-15 02:04:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

    2011-05-15 00:38:13 -------- d-sha-r- C:\cmdcons

    2011-05-15 00:31:05 -------- d-----w- c:\windows\system32\CatRoot2

    2011-05-15 00:24:31 -------- d--h--w- c:\program files\WindowsUpdate

    2011-05-14 22:29:47 98816 ----a-w- c:\windows\sed.exe

    2011-05-14 22:29:47 89088 ----a-w- c:\windows\MBR.exe

    2011-05-14 22:29:47 256512 ----a-w- c:\windows\PEV.exe

    2011-05-14 22:29:47 161792 ----a-w- c:\windows\SWREG.exe

    2011-05-14 18:02:18 0 ---ha-w- c:\docume~1\paulru~1\locals~1\applic~1\BIT4.tmp

    2011-05-14 18:02:16 0 ---ha-w- c:\docume~1\paulru~1\locals~1\applic~1\BIT3.tmp

    2011-05-13 16:54:40 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{cbbd5efe-e8d6-47af-b163-26e699dc2cbb}\mpengine.dll

    2011-05-13 16:52:57 -------- d-----w- c:\windows\system32\wbem\repository\FS

    2011-05-13 16:52:57 -------- d-----w- c:\windows\system32\wbem\Repository

    2011-05-13 05:25:08 0 ---ha-w- c:\docume~1\paulru~1\locals~1\applic~1\BITA.tmp

    2011-05-13 05:25:08 0 ---ha-w- c:\docume~1\paulru~1\locals~1\applic~1\BIT7.tmp

    2011-05-13 04:30:52 0 ---ha-w- c:\docume~1\paulru~1\locals~1\applic~1\BIT9.tmp

    2011-05-13 04:30:51 0 ---ha-w- c:\docume~1\paulru~1\locals~1\applic~1\BIT8.tmp

    2011-05-13 04:23:57 0 ----a-w- c:\windows\Xvitalegetek.bin

    2011-05-10 22:24:02 -------- d-----w- c:\windows\system32\NtmsData

    2011-05-08 17:18:44 -------- d-----w- c:\windows\ie8updates

    2011-05-08 17:10:32 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2011-05-08 17:10:32 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2011-05-08 17:10:31 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2011-05-08 17:10:31 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2011-05-08 17:10:27 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2011-05-08 17:10:25 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2011-05-08 17:09:58 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll

    2011-05-06 03:30:04 -------- d-----w- c:\program files\ATF

    2011-05-04 03:56:18 -------- d-sh--w- c:\documents and settings\paul russell\PrivacIE

    2011-05-04 03:53:58 -------- d-sh--w- c:\documents and settings\paul russell\IETldCache

    2011-05-04 03:51:09 -------- d--h--w- c:\windows\msdownld.tmp

    2011-05-04 03:49:10 -------- dc-h--w- c:\windows\ie8

    2011-05-01 06:34:08 388096 ----a-r- c:\docume~1\paulru~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

    2011-04-26 01:02:36 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

    2011-04-26 01:02:36 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

    2011-04-26 01:02:35 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

    2011-04-26 01:02:35 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

    2011-04-26 01:02:35 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

    2011-04-26 01:02:34 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

    2011-04-26 01:02:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-04-26 01:02:33 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

    .

    ==================== Find3M ====================

    .

    2011-05-15 02:41:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-03-16 20:28:20 16704 ----a-w- c:\windows\system32\roboot.exe

    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

    .

    ============= FINISH: 21:12:10.31 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_11-03-05.01)

    .

    Microsoft Windows XP Home Edition

    Boot Device: \Device\HarddiskVolume1

    Install Date: 1/4/2006 5:30:28 PM

    System Uptime: 5/14/2011 7:35:40 PM (2 hours ago)

    .

    Motherboard: TOSHIBA | | Portable PC

    Processor: Intel® Pentium® M processor 2.00GHz | mFCPGA | 1994/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 93 GiB total, 59.813 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: 1394 Net Adapter

    Device ID: V1394\NIC1394\785027D180DA0

    Manufacturer: Microsoft

    Name: 1394 Net Adapter #2

    PNP Device ID: V1394\NIC1394\785027D180DA0

    Service: NIC1394

    .

    ==== System Restore Points ===================

    .

    RP1584: 2/14/2011 6:25:26 PM - System Checkpoint

    RP1585: 2/15/2011 5:19:23 PM - Software Distribution Service 3.0

    RP1586: 2/16/2011 7:28:21 PM - System Checkpoint

    RP1587: 2/17/2011 7:53:05 PM - System Checkpoint

    RP1588: 2/18/2011 4:29:12 PM - Software Distribution Service 3.0

    RP1589: 2/19/2011 5:19:33 PM - System Checkpoint

    RP1590: 2/20/2011 7:42:00 PM - System Checkpoint

    RP1591: 2/22/2011 1:51:48 PM - Software Distribution Service 3.0

    RP1592: 2/23/2011 4:04:18 PM - System Checkpoint

    RP1593: 2/23/2011 6:43:05 PM - Software Distribution Service 3.0

    RP1594: 2/24/2011 7:22:40 PM - System Checkpoint

    RP1595: 2/25/2011 3:05:50 PM - Software Distribution Service 3.0

    RP1596: 2/26/2011 3:36:38 PM - System Checkpoint

    RP1597: 2/27/2011 4:59:34 PM - System Checkpoint

    RP1598: 2/28/2011 5:53:19 PM - System Checkpoint

    RP1599: 3/1/2011 5:22:51 PM - Software Distribution Service 3.0

    RP1600: 3/2/2011 5:45:28 PM - System Checkpoint

    RP1601: 3/3/2011 6:02:47 PM - System Checkpoint

    RP1602: 3/4/2011 9:50:32 AM - Software Distribution Service 3.0

    RP1603: 3/5/2011 10:46:15 AM - System Checkpoint

    RP1604: 3/6/2011 12:26:00 PM - System Checkpoint

    RP1605: 3/7/2011 4:10:50 PM - System Checkpoint

    RP1606: 3/7/2011 8:55:09 PM - Unsigned driver install

    RP1607: 3/8/2011 4:58:20 PM - Software Distribution Service 3.0

    RP1608: 3/8/2011 5:01:27 PM - Software Distribution Service 3.0

    RP1609: 3/9/2011 6:59:07 PM - System Checkpoint

    RP1610: 3/10/2011 4:52:49 PM - Software Distribution Service 3.0

    RP1611: 3/11/2011 4:22:56 PM - Software Distribution Service 3.0

    RP1612: 3/12/2011 4:33:15 PM - System Checkpoint

    RP1613: 3/13/2011 6:09:13 PM - System Checkpoint

    RP1614: 3/14/2011 6:28:05 PM - System Checkpoint

    RP1615: 3/15/2011 5:59:56 PM - Software Distribution Service 3.0

    RP1616: 3/16/2011 8:13:28 PM - System Checkpoint

    RP1617: 3/18/2011 12:28:13 PM - Software Distribution Service 3.0

    RP1618: 3/19/2011 3:50:40 PM - System Checkpoint

    RP1619: 3/19/2011 7:02:04 PM - Installed Adobe Reader X (10.0.1).

    RP1620: 3/21/2011 7:04:46 AM - System Checkpoint

    RP1621: 3/22/2011 4:33:24 PM - Software Distribution Service 3.0

    RP1622: 3/23/2011 3:13:51 PM - Software Distribution Service 3.0

    RP1623: 3/24/2011 4:04:32 PM - System Checkpoint

    RP1624: 3/25/2011 10:22:06 AM - Software Distribution Service 3.0

    RP1625: 3/26/2011 9:43:11 PM - System Checkpoint

    RP1626: 3/28/2011 4:56:02 PM - System Checkpoint

    RP1627: 3/29/2011 5:17:44 PM - Software Distribution Service 3.0

    RP1628: 3/30/2011 5:43:25 PM - System Checkpoint

    RP1629: 4/1/2011 4:16:57 PM - Software Distribution Service 3.0

    RP1630: 4/2/2011 10:20:18 PM - System Checkpoint

    RP1631: 4/4/2011 5:07:05 PM - System Checkpoint

    RP1632: 4/5/2011 6:38:37 PM - Software Distribution Service 3.0

    RP1633: 4/7/2011 4:28:52 PM - System Checkpoint

    RP1634: 4/8/2011 5:42:55 PM - Software Distribution Service 3.0

    RP1635: 4/9/2011 9:10:28 PM - System Checkpoint

    RP1636: 4/10/2011 9:48:38 PM - System Checkpoint

    RP1637: 4/12/2011 4:45:19 PM - System Checkpoint

    RP1638: 4/12/2011 9:01:43 PM - Software Distribution Service 3.0

    RP1639: 4/12/2011 9:42:44 PM - Software Distribution Service 3.0

    RP1640: 4/14/2011 4:19:24 PM - System Checkpoint

    RP1641: 4/14/2011 10:21:27 PM - Software Distribution Service 3.0

    RP1642: 4/15/2011 8:56:02 PM - Software Distribution Service 3.0

    RP1643: 4/16/2011 7:54:04 PM - Software Distribution Service 3.0

    RP1644: 4/17/2011 8:39:49 PM - System Checkpoint

    RP1645: 4/19/2011 10:21:03 AM - Software Distribution Service 3.0

    RP1646: 4/20/2011 7:59:58 PM - System Checkpoint

    RP1647: 4/21/2011 8:46:35 PM - System Checkpoint

    RP1648: 4/22/2011 10:48:45 AM - Software Distribution Service 3.0

    RP1649: 4/23/2011 12:32:49 PM - System Checkpoint

    RP1650: 4/24/2011 12:58:14 PM - System Checkpoint

    RP1651: 4/25/2011 2:58:31 PM - System Checkpoint

    RP1652: 4/26/2011 6:00:06 PM - System Checkpoint

    RP1653: 4/27/2011 6:15:58 PM - Software Distribution Service 3.0

    RP1654: 4/27/2011 6:17:44 PM - Software Distribution Service 3.0

    RP1655: 4/29/2011 9:01:04 AM - System Checkpoint

    RP1656: 4/29/2011 11:18:16 AM - Software Distribution Service 3.0

    RP1657: 4/30/2011 2:19:54 PM - System Checkpoint

    RP1658: 5/1/2011 7:18:15 PM - System Checkpoint

    RP1659: 5/3/2011 6:00:44 PM - System Checkpoint

    RP1660: 5/3/2011 8:50:23 PM - Installed Windows Internet Explorer 8.

    RP1661: 5/4/2011 8:53:29 PM - System Checkpoint

    RP1662: 5/5/2011 8:59:42 PM - System Checkpoint

    RP1663: 5/7/2011 6:39:49 AM - System Checkpoint

    RP1664: 5/8/2011 9:17:04 AM - Removed KML Editor

    RP1665: 5/8/2011 9:18:26 AM - Removed Imgur Uploader

    RP1666: 5/8/2011 9:28:35 AM - Installed Microsoft Fix it 50267

    RP1667: 5/8/2011 10:09:48 AM - Software Distribution Service 3.0

    RP1668: 5/8/2011 10:16:55 AM - Software Distribution Service 3.0

    RP1669: 5/9/2011 5:05:37 PM - System Checkpoint

    RP1670: 5/10/2011 11:18:13 AM - Software Distribution Service 3.0

    RP1671: 5/11/2011 2:45:17 PM - Avg8 Update

    RP1672: 5/11/2011 2:50:16 PM - Software Distribution Service 3.0

    RP1673: 5/13/2011 9:51:18 AM - Restore Operation

    RP1674: 5/14/2011 11:30:08 AM - System Checkpoint

    RP1675: 5/14/2011 11:57:07 AM - Removed AVG Free 8.5

    RP1676: 5/14/2011 12:02:15 PM - Removed AVG Free 8.5

    RP1677: 5/14/2011 12:04:47 PM - Removed AVG Free 8.5

    RP1678: 5/14/2011 12:14:35 PM - Removed AVG Free 8.5

    RP1679: 5/14/2011 12:16:13 PM - Removed AVG Free 8.5

    RP1680: 5/14/2011 7:04:57 PM - Avira AntiVir Personal - 5/14/2011 19:04

    RP1681: 5/14/2011 7:29:02 PM - Removed J2SE Runtime Environment 5.0 Update 2

    RP1682: 5/14/2011 7:32:58 PM - Removed Java 6 Update 20

    RP1683: 5/14/2011 7:40:41 PM - Installed Java 6 Update 25

    RP1684: 5/14/2011 7:41:58 PM - Software Distribution Service 3.0

    .

    ==== Installed Programs ======================

    .

    Adobe Acrobat 5.0

    Adobe AIR

    Adobe Download Manager

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader X (10.0.1)

    Advanced SystemCare 3

    AirSnare

    America Online (Choose which version to remove)

    Apple Application Support

    Apple Software Update

    ArcExplorer Java Edition

    AT&T Connection Services Manager

    Avira AntiVir Personal - Free Antivirus

    AVS Audio Editor version 4.2

    AVS Update Manager 1.0

    AVS4YOU Software Navigator 1.3

    Bluetooth Stack for Windows by Toshiba

    CAD2Shape 4.0

    Camera Window

    Canon Camera Window for ZoomBrowser EX

    Canon PhotoRecord

    Canon Utilities Easy-PhotoPrint

    Canon Utilities PhotoStitch 3.1

    Canon Utilities ZoomBrowser EX

    CCleaner

    CD/DVD Drive Acoustic Silencer

    Defraggler

    DVD-RAM Driver

    dwgConvert 4.0

    Easy-WebPrint

    EasyCleaner

    ESET Online Scanner v3

    Ethereal 0.99.0

    Eusing Free Registry Cleaner

    filehippo.com Update Checker

    Free PS Convert driver 8.15

    Google Chrome

    Google Earth

    Google Update Helper

    Grand Theft Auto Vice City

    GTA San Andreas

    HiJackThis

    HijackThis 1.99.1

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB970653-v3)

    Hotfix for Windows XP (KB976098-v2)

    Hotfix for Windows XP (KB979306)

    Hotfix for Windows XP (KB981793)

    Intel® Graphics Media Accelerator Driver

    Intel® PROSet/Wireless Software

    InterVideo WinDVD Creator 2

    InterVideo WinDVD for TOSHIBA

    IrfanView (remove only)

    Java Auto Updater

    Java 6 Update 25

    Leisure Suit Larry - Magna Cum Laude

    Logitech Desktop Messenger

    Logitech SetPoint

    Malwarebytes' Anti-Malware

    Mapping Your Travels and Relocation

    MapWindow GIS

    McAfee Personal Firewall Plus

    McAfee SecurityCenter

    mCore

    mDrWiFi

    mHelp

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2416447)

    Microsoft .NET Framework 1.1 Security Update (KB979906)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Office OneNote 2003

    Microsoft Office Standard Edition 2003

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable - KB2467175

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

    Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

    Microsoft Works

    mIWA

    mIWCA

    mLogView

    mMHouse

    Mozilla Firefox (3.6.3)

    mPfMgr

    mPfWiz

    mProSafe

    MSN

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 6.0 Parser (KB933579)

    mWlsSafe

    mXML

    MyConnect Special Offer

    mZConfig

    Notebook Maximizer

    NSIS KSDownloader

    OCAD 10 Viewer Viewer

    Opera 9.51

    PhotoStitch

    Pure Networks Port Magic

    Python 2.1

    Python 2.1 combined Win32 extensions

    Quantum GIS Copiapo 1.6.0

    Quicken 2005

    QuickTime

    SD Secure Module

    Security Task Manager 1.7d

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

    Security Update for Windows Internet Explorer 8 (KB2497640)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB968816)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player 10 (KB911565)

    Security Update for Windows Media Player 10 (KB917734)

    Security Update for Windows Media Player 10 (KB936782)

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2160329)

    Security Update for Windows XP (KB2183461)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2296199)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360131)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2412687)

    Security Update for Windows XP (KB2416400)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2436673)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476687)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479628)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2482017)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485376)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2491683)

    Security Update for Windows XP (KB2497640)

    Security Update for Windows XP (KB2503658)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2506223)

    Security Update for Windows XP (KB2507618)

    Security Update for Windows XP (KB2508272)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2510581)

    Security Update for Windows XP (KB2511455)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB938464-v2)

    Security Update for Windows XP (KB938464)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950759)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951066)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951376)

    Security Update for Windows XP (KB951698)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB953838)

    Security Update for Windows XP (KB953839)

    Security Update for Windows XP (KB954211)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB954600)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956390)

    Security Update for Windows XP (KB956391)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956841)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB957095)

    Security Update for Windows XP (KB957097)

    Security Update for Windows XP (KB958215)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958687)

    Security Update for Windows XP (KB958690)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960714)

    Security Update for Windows XP (KB960715)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961371)

    Security Update for Windows XP (KB961373)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB963027)

    Security Update for Windows XP (KB968537)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB969897)

    Security Update for Windows XP (KB969898)

    Security Update for Windows XP (KB969947)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971468)

    Security Update for Windows XP (KB971486)

    Security Update for Windows XP (KB971557)

    Security Update for Windows XP (KB971633)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB971961)

    Security Update for Windows XP (KB972260)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973346)

    Security Update for Windows XP (KB973354)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973525)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974455)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975561)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB976325)

    Security Update for Windows XP (KB977165)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978251)

    Security Update for Windows XP (KB978262)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979559)

    Security Update for Windows XP (KB979683)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980218)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981349)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982381)

    Security Update for Windows XP (KB982665)

    Security Update for Windows XP (KB982802)

    SMSC IrCC V5.1.3600.5 SP2

    Sonic DLA

    Sonic RecordNow!

    Sony Picture Utility

    Sony USB Driver

    SoundMAX

    Super Utilities Pro 9.41

    Synaptics Pointing Device Driver

    System Requirements Lab

    Texas Instruments PCIxx21/x515 drivers.

    TextPad 5

    Tiles2kml Pro

    TIxx21/x515

    TOSHIBA Assist

    TOSHIBA ConfigFree

    TOSHIBA Controls

    TOSHIBA Hotkey Utility

    TOSHIBA PC Diagnostic Tool

    TOSHIBA Power Saver

    Toshiba Q4 Retail Demo ScreenSaver

    Toshiba Registration

    TOSHIBA SD Memory Card Format

    TOSHIBA Software Modem

    TOSHIBA Software Upgrades

    TOSHIBA Speech System Applications

    TOSHIBA Speech System SR Engine(U.S.) Version1.0

    TOSHIBA Speech System TTS Engine(U.S.) Version1.0

    Toshiba Tbiosdrv Driver

    TOSHIBA TouchPad ON/Off Utility

    TOSHIBA Utilities

    TOSHIBA Virtual Sound

    TOSHIBA Zooming Utility

    Touch and Launch

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB951072-v2)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB955839)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    Update for Windows XP (KB976749)

    Update for Windows XP (KB978207)

    Update for Windows XP (KB980182)

    Veo Connect

    Veo Digital Studio

    Viewpoint Media Player

    WebFldrs XP

    Windows Defender

    Windows Defender Signatures

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Imaging Component

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows Media Player 10

    Windows XP Service Pack 3

    WinRAR archiver

    Wisdom-soft Set up ASR 3.1 Free

    World Health Chart 2001, Public Beta 0.1

    XML Paper Specification Shared Components Pack 1.0

    .

    ==== Event Viewer Messages From Past Week ========

    .

    5/8/2011 9:18:38 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

    5/8/2011 8:59:59 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402

    5/8/2011 8:59:59 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

    5/8/2011 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402

    5/8/2011 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402

    5/8/2011 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402

    5/8/2011 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402

    5/8/2011 12:58:59 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

    5/8/2011 12:18:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

    5/8/2011 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

    5/8/2011 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402

    5/8/2011 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

    5/8/2011 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

    5/8/2011 1:45:01 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    5/8/2011 1:34:57 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

    5/8/2011 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

    5/8/2011 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

    5/7/2011 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402

    5/7/2011 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402

    5/7/2011 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402

    5/7/2011 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402

    5/14/2011 5:43:32 PM, error: PlugPlayManager [11] - The device Root\LEGACY_BFASTFAO\0000 disappeared from the system without first being prepared for removal.

    5/14/2011 5:39:21 PM, error: Service Control Manager [7034] - The TOSHIBA Application Service service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:21 PM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:21 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:20 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:20 PM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:20 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:20 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:20 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 5:39:20 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).

    5/14/2011 3:37:09 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

    5/14/2011 3:37:09 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AFPANSI\0000 disappeared from the system without first being prepared for removal.

    5/14/2011 3:23:30 PM, error: Service Control Manager [7034] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 2 time(s).

    5/14/2011 3:23:30 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    5/13/2011 9:54:40 AM, error: WinDefend [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.103.1139.0 Loading engine version: 1.1.6802.0

    5/13/2011 7:30:01 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SuperMounter Tosrfcom

    5/12/2011 9:59:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    5/12/2011 9:43:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    5/12/2011 10:24:59 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    5/12/2011 10:24:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde KR10N

    5/11/2011 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402

    5/11/2011 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402

    5/11/2011 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402

    5/11/2011 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402

    5/11/2011 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402

    5/11/2011 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402

    5/11/2011 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402

    5/11/2011 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402

    5/11/2011 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402

    5/11/2011 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402

    5/11/2011 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402

    5/11/2011 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402

    5/11/2011 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402

    5/11/2011 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402

    5/10/2011 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402

    5/10/2011 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402

    5/10/2011 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402

    5/10/2011 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402

    5/10/2011 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402

    5/10/2011 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402

    5/10/2011 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402

    5/10/2011 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402

    5/10/2011 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402

    5/10/2011 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402

    .

    ==== End Of File ===========================

  11. hey Kenny94, got the Java update done but it didn't match your "Java Version: 1.6.0_25" designation.

    Please see attached screen shot of java update.

    There was an ms update prompt i went ahead and installed after installing the latest java, also attached a screen shot of that somewhat suspicious looking process... idk, maybe i'm just paranoid.

    post-80598-0-64603200-1305427948.jpg

    post-80598-0-10629200-1305428131.jpg

  12. Download AppRemover and run it.

    Click Next >>

    Ensure "Remove Security Application" is selected and click Next >>

    AppRemover will scan all the security applications on your PC

    Select Any AVG entries from the applications offered and click Next >> twice.

    Follow any further on-screen instructions. If asked to reboot, please do so.

    Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

    AppRemover worked.

    combofix log is attached.

    i was disconnected from internet while running it, prompted me to connect to download the ms recovery thing but didn't grab it after i was connected.

    Should i run it again with the internet connected?

    combofix log 051411.txt

  13. Hi

    Okay, we still have some work to do.

    1. Download ComboFix from below:
      Combofix download
      * IMPORTANT !!! Place combofix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on combofix.exe & follow the prompts.
    4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
      With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
      ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
      The Recovery Console was successfully installed.
      Click on Yes, to continue scanning for malware.
    5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    6. When finished, it shall produce a log for you. Post that log in your next reply.
      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
      ---------------------------------------------------------------------------------------------
    7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    unable to run ComboFix due to AVG not being properly disabled... i followed the instructions given in that bleepingcomputer link, and then followed the combofix prompt to uninstall AVG which gave errors when attempted, please see attached screen shot

    post-80598-0-56401200-1305400859.jpg

  14. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

    Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

    Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

    ---------------------------------------------------------------------------------------------

    Re-Run aswMBR

    Click Scan

    On completion of the scan

    Click the Fix for TDL4

    Save the log as before and post in your next reply

    aswMBR 051411 ii log is attached.

    when i hit FIX it got locked up at "verifying disinfection" and required shut down by killing the power supply.

    started back up just fine, ran aswMBR.exe again, hit scan, saved log.

    aswMBR 051411 ii.txt

  15. Hi MySickComputer and Welcome to Malwarebytes!

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    aswMBR_Scan-1.jpg

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review

    Thanks Kenny94!

    aswMBR 051411.txt log is attached for review.

    aswMBR 051411.txt

  16. Please help. I've been trying to remove infection(s) without success.

    i have attached the logs from DDS saying "possible TDL3 rootkit infection".

    i just bought the paid version of MB yesterday and last night kept getting repeated attacks from about 10 different ip addresses (attached also).

    2 days ago went round & round with a disabled desktop and task manager, went into safe mode repeatedly using fixer.exe, ESET, MB, numerous Hijackthis kills, and ended up doing a system restore which got it back to something resembling normal.

    ESET online scanner and MB have found and quarantined a few dozen things but this is still obviously not fixed yet.

    Any help would be greatly appreciated.

    attack ip addresses051311.txt

    Attach 051411.txt
