Jump to content

Elderly Neighbor's Laptop Feeling Under the Weather


IBC
 Share

Recommended Posts

My neighbor came to me with a laptop that was pretty much riddled with malware. It hadn't had any Windows updates applied in months, and the anti-malware protection was completely out of date. I downloaded the Malwarebytes program, and managed to install it from a USB, then managed to install MS Security Essentials. After a couple of full system scans, I was able to install "Super Anti Spyware" as well. After that I was able to run MS Updater, and now it says that all the lapsed patches have been applied as well.

Now all three come up clean, and the system is behaving somewhat normally. But there seems to be occasional suspicious hard-drive activity, and it sometimes refuses to connect with certain websites.

Currently it's a thousand times better than it was when she gave it to me, but I just want to make sure there's nothing lurking beneath the surface waiting to reinfect.

Thanks in advance for any help!

Best,

Ian

DDS.txt

Attach.zip

Link to post
Share on other sites

Hello Ian! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/paste in your next reply.

There are some things that need to be checked, and others to remove.

Step 1

Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory are not associated with the Java that was downloaded and installed on the system. A cache directory is aa temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.

Click Start => Control Panel.

Double-click the Java icon in the control panel. The Java Control Panel appears.

plugin_cache1.jpg

Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.

plugin_cache2.jpg

Click Delete Files. The Delete Temporary Files dialog box appears.

plugin_cache3.jpg

Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Step 2

Please uninstall the following application: StartNow Toolbar . Check out the description:

http://www.systemlookup.com/CLSID/72681-Toolbar32_dll.html

Step 3

It seems that old antivirus was AVG. Unfortunately, you or the owner has been cleared it in the wrong way and now there are remnants of it. These remnants can cause conflicts with current antivirus program. Now we need to clean them.

Please download AppRemover from:

http://www.appremover.com/get/appremover.exe

Then follow the instructions from How to Use AppRemover to Clean Up a Failed Uninstall here:

http://www.appremover.com/faq/about/using-appremover.html

Step 4

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\programdata\291FD


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please post the following log files:

  • SystemLook log
  • a new fresh DDS log with Attach.txt

Link to post
Share on other sites

Thanks for helping out!

- Trying to remove the StartNow malware, but I got an error, and Windows said it may already be uninstalled. It asked if I wanted to remove it from the list of programs, and I said 'Yes'.

- Trying to access the URL you included for the malware report on StartNow Toolbar, I was unable to connect with the website. Could something be blocking access?

- AppRemover couldn't find remnants of AVG. I tried to submit an error report to them, but it couldn't connect with the server.

I attached the output of systemlook too.

Link to post
Share on other sites

- Trying to remove the StartNow malware, but I got an error, and Windows said it may already be uninstalled. It asked if I wanted to remove it from the list of programs, and I said 'Yes'.

Good decision!

- Trying to access the URL you included for the malware report on StartNow Toolbar, I was unable to connect with the website. Could something be blocking access?

Yes, I successfully open a website, which means that the most likely cause of which is malware.

- AppRemover couldn't find remnants of AVG. I tried to submit an error report to them, but it couldn't connect with the server.

I'll attach in my post AVG Uninstaller tool, developed by AVG Technologies. Download it, run it and follow the instructions to successfully clean AVG remnants.

I attached the output of systemlook too.

Don't miss a new fresh DDS with Attach.txt , but please paste, do not attach them.

avg_remover_stf_x86_2012_1796.zip

Link to post
Share on other sites

Okay, back on track. Here's the results of DDS after running the AVG removal applet...

DDS.TXT:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by margarita at 14:35:05 on 2011-11-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1923 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\progra~1\imesha~1\mediabar\toolbar\iMeshMediaBarDx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [DW6]
uRun: [Google Update] "c:\users\margarita\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA1ADkAMwA0ADcANgA3ADgALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwAzADUAMAAwADcALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQA"&"prod=90"&"ver=9.0.894
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5BE236FD-3749-4E42-988B-53DC570CF5F6} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-9 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslc5a77481;MpKslc5a77481;c:\programdata\microsoft\microsoft antimalware\definition updates\{3c312491-3006-46b6-8bbc-79c3cccafe1b}\MpKslc5a77481.sys [2011-11-15 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-9 954368]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-9-5 393648]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
.
=============== Created Last 30 ================
.
2011-11-15 19:20:25 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c312491-3006-46b6-8bbc-79c3cccafe1b}\MpKslc5a77481.sys
2011-11-15 19:20:22 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c312491-3006-46b6-8bbc-79c3cccafe1b}\offreg.dll
2011-11-15 18:45:05 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c312491-3006-46b6-8bbc-79c3cccafe1b}\mpengine.dll
2011-11-15 02:13:46 -------- d-----w- c:\users\margarita\appdata\roaming\SUPERAntiSpyware.com
2011-11-15 02:13:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-15 02:13:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-15 00:21:10 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-15 00:21:10 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-15 00:21:10 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-15 00:21:10 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-15 00:19:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-15 00:17:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-15 00:17:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-15 00:17:05 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-15 00:17:03 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-14 22:43:44 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{acb811a2-1e47-4bee-be9e-5c90af7484e3}\gapaengine.dll
2011-11-14 22:43:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-14 22:25:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-14 22:25:11 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-14 19:39:47 -------- d-----w- c:\windows\pss
2011-11-10 00:49:38 -------- d-----w- c:\users\margarita\appdata\local\Akamai
2011-11-09 12:02:40 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:02:40 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 12:02:26 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-10-27 00:09:28 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-23 14:19:41 -------- d-----w- c:\programdata\291FD
.
==================== Find3M ====================
.
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:35:21.03 ===============

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/9/2009 7:39:51 PM
System Uptime: 11/15/2011 2:19:34 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 138.123 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0001
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0001
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP775: 9/13/2011 5:27:55 PM - Scheduled Checkpoint
RP776: 9/14/2011 10:24:55 AM - Scheduled Checkpoint
RP777: 9/15/2011 7:29:50 AM - Scheduled Checkpoint
RP778: 9/16/2011 6:19:41 PM - Scheduled Checkpoint
RP779: 9/18/2011 10:28:44 AM - Scheduled Checkpoint
RP780: 9/19/2011 12:37:09 AM - Scheduled Checkpoint
RP781: 9/22/2011 11:21:50 PM - Scheduled Checkpoint
RP783: 10/11/2011 7:28:11 PM - Avg Update
RP785: 10/24/2011 5:24:31 PM - Avg Update
RP786: 10/30/2011 4:17:56 PM - Scheduled Checkpoint
RP787: 11/12/2011 9:02:14 PM - Scheduled Checkpoint
RP788: 11/13/2011 10:50:56 AM - Scheduled Checkpoint
RP789: 11/14/2011 3:49:42 PM - Removed AVG Free 9.0
RP790: 11/14/2011 3:52:13 PM - Installed AVG Free 9.0
RP791: 11/14/2011 5:24:54 PM - Windows Update
RP792: 11/14/2011 5:42:41 PM - Windows Update
RP793: 11/14/2011 6:36:06 PM - Windows Update
RP794: 11/14/2011 9:06:38 PM - Windows Modules Installer
RP795: 11/14/2011 10:06:02 PM - Windows Update
RP796: 11/15/2011 8:07:59 AM - Removed NetAssistant
RP797: 11/15/2011 8:08:59 AM - Removed Windows Media Player Firefox Plugin
RP798: 11/15/2011 8:09:34 AM - Removed Windows Media Player Firefox Plugin
RP799: 11/15/2011 8:15:57 AM - Post Clean-up
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Bonjour
BufferChm
C4USelfUpdater
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Destinations
DeviceDiscovery
DocMgr
DocProc
DVD MovieFactory for TOSHIBA
Easy Grade Pro
essentials
Fax
Google Chrome
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Photosmart Essential
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iMesh
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 6
Kodak AIO Printer
KODAK AiO Software
LittlePDF 1.0.0.0
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
McDougal Littell Interactive Review - Biology
Merriam-Webster
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero OEM
NetLogo 4.1.3
Network
Ocean - Research Library
ocr
OCR Software by I.R.I.S. 13.0
PDFCreator
Picasa 3
PreReq
ProVoice21 Installation
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Shop for HP Supplies
Skype™ 4.0
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WebReg
Winamp
Winamp Detector Plug-in
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/15/2011 2:35:10 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SQ004816V03.
11/15/2011 2:20:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/15/2011 2:10:11 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/15/2011 2:09:48 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/15/2011 2:06:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 2:06:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2011 2:06:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/15/2011 2:06:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/15/2011 2:06:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/15/2011 2:06:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/15/2011 2:06:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/15/2011 2:05:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/15/2011 2:03:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/15/2011 1:50:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
11/15/2011 1:49:52 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
11/15/2011 1:24:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer IAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5BE236FD-3749-4E42-988B-53DC570CF5F. The master browser is stopping or an election is being forced.
11/15/2011 1:10:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/14/2011 9:39:54 AM, Error: EventLog [6008] - The previous system shutdown at 7:05:07 PM on 11/13/2011 was unexpected.
11/14/2011 7:04:38 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/14/2011 7:04:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2579686).
11/14/2011 7:00:35 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2579686 (Security Update) into Resolving(Resolving) state
11/14/2011 7:00:35 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2579686 (Security Update) into Absent(Absent) state
11/14/2011 6:59:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows Mail Junk E-mail Filter [November 2011] (KB905866).
11/14/2011 6:59:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Staging(Staging) state
11/14/2011 6:59:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolving(Resolving) state
11/14/2011 6:59:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Resolved(Resolved) state
11/14/2011 6:59:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Installed(Installed) state
11/14/2011 6:59:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB905866 (Update) into Absent(Absent) state
11/14/2011 6:56:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows Vista (KB2545698).
11/14/2011 6:56:48 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2545698 (Update) into Staging(Staging) state
11/14/2011 6:56:48 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2545698 (Update) into Resolved(Resolved) state
11/14/2011 6:56:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2586448).
11/14/2011 6:56:42 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2586448 (Security Update) into Resolving(Resolving) state
11/14/2011 6:56:42 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2586448 (Security Update) into Absent(Absent) state
11/14/2011 6:46:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows Vista (KB2564958).
11/14/2011 6:46:38 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2564958 (Security Update) into Resolving(Resolving) state
11/14/2011 6:46:38 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2564958 (Security Update) into Absent(Absent) state
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/14/2011 5:33:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/14/2011 5:31:20 PM, Error: EventLog [6008] - The previous system shutdown at 5:29:23 PM on 11/14/2011 was unexpected.
11/14/2011 3:45:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
11/14/2011 2:39:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/14/2011 12:59:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 spldr Wanarpv6
11/14/2011 12:52:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/14/2011 12:44:41 PM, Error: EventLog [6008] - The previous system shutdown at 12:42:31 PM on 11/14/2011 was unexpected.
11/14/2011 10:01:04 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 7 time(s).
11/14/2011 10:00:56 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 6 time(s).
11/14/2011 10:00:47 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 5 time(s).
11/14/2011 10:00:41 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 4 time(s).
11/14/2011 10:00:41 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 3 time(s).
11/14/2011 10:00:41 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 2 time(s).
11/14/2011 10:00:41 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 1 time(s).
11/13/2011 8:26:25 AM, Error: EventLog [6008] - The previous system shutdown at 9:29:37 PM on 11/12/2011 was unexpected.
11/13/2011 12:27:07 PM, Error: EventLog [6008] - The previous system shutdown at 12:25:14 PM on 11/13/2011 was unexpected.
11/13/2011 12:01:06 PM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 9 time(s).
11/13/2011 12:00:58 PM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 8 time(s).
11/13/2011 11:59:23 AM, Error: EventLog [6008] - The previous system shutdown at 11:55:38 AM on 11/13/2011 was unexpected.
11/13/2011 11:33:54 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 16 time(s).
11/13/2011 11:33:46 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 15 time(s).
11/13/2011 11:33:37 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 14 time(s).
11/13/2011 11:33:29 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 13 time(s).
11/13/2011 11:33:21 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 12 time(s).
11/13/2011 11:33:11 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 11 time(s).
11/13/2011 11:33:05 AM, Error: Service Control Manager [7034] - The SmartFaceVWatchSrv service terminated unexpectedly. It has done this 10 time(s).
11/13/2011 11:19:24 AM, Error: EventLog [6008] - The previous system shutdown at 11:16:42 AM on 11/13/2011 was unexpected.
11/13/2011 11:14:38 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/13/2011 11:07:51 AM, Error: EventLog [6008] - The previous system shutdown at 11:05:42 AM on 11/13/2011 was unexpected.
11/13/2011 10:28:09 AM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
11/12/2011 7:36:14 PM, Error: EventLog [6008] - The previous system shutdown at 7:32:08 PM on 11/12/2011 was unexpected.
.
==== End Of File ===========================

Link to post
Share on other sites

Give her greetings from Bulgaria! :)

Good, but what about the log file from System Look?

Drat. I thought I attached that already. Here y'go:

SystemLook 30.07.11 by jpshortstuff

Log created at 15:06 on 15/11/2011 by margarita

Administrator - Elevation successful

========== dir ==========

c:\programdata\291FD - Parameters: "(none)"

---Files---

{4C36B09F-81CA-44CD-9EEB-42AAA29B71DB}.swf --a---- 3957 bytes [14:19 23/10/2011] [15:54 13/07/2011]

---Folders---

None found.

-= EOF =-

Link to post
Share on other sites

Here's log.txt

ComboFix 11-11-15.01 - margarita 11/15/2011 15:33:38.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1808 [GMT -5:00]

Running from: c:\users\margarita\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 18:45 . 2011-10-07 01:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C312491-3006-46B6-8BBC-79C3CCCAFE1B}\mpengine.dll

2011-11-15 02:13 . 2011-11-15 02:13 -------- d-----w- c:\users\margarita\AppData\Roaming\SUPERAntiSpyware.com

2011-11-15 02:13 . 2011-11-15 02:13 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-15 02:13 . 2011-11-15 02:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-15 00:21 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-11-15 00:21 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-11-15 00:21 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-11-15 00:21 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-11-15 00:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-15 00:17 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-11-15 00:17 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-11-15 00:17 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-11-15 00:17 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-11-14 22:44 . 2011-11-14 22:44 -------- d-----w- c:\program files\Apple Software Update

2011-11-14 22:43 . 2011-11-14 22:43 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACB811A2-1E47-4BEE-BE9E-5C90AF7484E3}\gapaengine.dll

2011-11-14 22:43 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-14 22:25 . 2011-11-14 22:26 -------- d-----w- c:\program files\Microsoft Security Client

2011-11-14 22:25 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2011-11-10 00:49 . 2011-11-12 04:08 -------- d-----w- c:\users\margarita\AppData\Local\Akamai

2011-11-09 12:02 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 12:02 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-11-09 12:02 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-10-27 00:09 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-10-23 14:19 . 2011-10-23 14:19 -------- d-----w- c:\programdata\291FD

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 20:43 . 2011-11-15 20:43 0 ---ha-w- c:\users\margarita\AppData\Local\BIT3AA3.tmp

2011-09-07 22:45 . 2011-09-07 22:45 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe

2011-09-07 22:45 . 2011-09-07 22:45 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe

2011-09-07 22:45 . 2011-09-07 22:45 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe

2011-09-06 13:30 . 2011-10-11 23:48 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-02-13 19:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAA1ADkAMwA0ADcANgA3ADgALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0ARABEAFQAKwAzADUAMAAwADcALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQA∏=90&ver=9.0.894" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]

2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-02-28 15:59 133104 ----atw- c:\users\margarita\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-06-25 23:05 170520 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]

2007-11-01 06:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-04-16 01:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-06-25 23:06 150040 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 19:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-25 23:06 145944 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-03-11 19:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2008-06-02 21:26 505720 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-12-07 02:12 1029416 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-03-21 18:28 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]

2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R1 MpKslc5a77481;MpKslc5a77481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C312491-3006-46B6-8BBC-79C3CCCAFE1B}\MpKslc5a77481.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]

R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]

R4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]

R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]

R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]

R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]

R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]

S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 00:58]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 00:58]

.

2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844338048-2687002610-4010198750-1000Core.job

- c:\users\margarita\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-28 15:59]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844338048-2687002610-4010198750-1000UA.job

- c:\users\margarita\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-28 15:59]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

Toolbar-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

HKCU-Run-DW6 - (no file)

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe

MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe

MSConfigStartUp-NDSTray - NDSTray.exe

MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2011-11-15 15:48:39 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-15 20:47

.

Pre-Run: 148,180,205,568 bytes free

Post-Run: 149,950,300,160 bytes free

.

- - End Of File - - B7DDC9A4E4EA15800D1FB5D3B82F1EE2

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\programdata\291FD

File::
c:\users\margarita\AppData\Local\BIT3AA3.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.

Link to post
Share on other sites

Here's the latest:

ComboFix 11-11-15.05 - margarita 11/15/2011 16:20:59.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1999 [GMT -5:00]

Running from: c:\users\margarita\Desktop\ComboFix.exe

Command switches used :: E:\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\margarita\AppData\Local\BIT3AA3.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\291FD

c:\programdata\291FD\{4C36B09F-81CA-44CD-9EEB-42AAA29B71DB}.swf

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 21:26 . 2011-11-15 21:26 -------- d-----w- c:\users\margarita\AppData\Local\temp

2011-11-15 21:26 . 2011-11-15 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-15 20:57 . 2011-11-15 20:57 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35206444-93C2-4567-BEFB-A7158FF3FD94}\MpKsl433e39fb.sys

2011-11-15 20:57 . 2011-11-15 20:57 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35206444-93C2-4567-BEFB-A7158FF3FD94}\offreg.dll

2011-11-15 20:52 . 2011-10-07 01:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35206444-93C2-4567-BEFB-A7158FF3FD94}\mpengine.dll

2011-11-15 02:13 . 2011-11-15 02:13 -------- d-----w- c:\users\margarita\AppData\Roaming\SUPERAntiSpyware.com

2011-11-15 02:13 . 2011-11-15 02:13 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-15 02:13 . 2011-11-15 02:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-15 00:21 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-11-15 00:21 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-11-15 00:21 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-11-15 00:21 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-11-15 00:19 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-15 00:17 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-11-15 00:17 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-11-15 00:17 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-11-15 00:17 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-11-14 22:44 . 2011-11-14 22:44 -------- d-----w- c:\program files\Apple Software Update

2011-11-14 22:43 . 2011-11-14 22:43 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACB811A2-1E47-4BEE-BE9E-5C90AF7484E3}\gapaengine.dll

2011-11-14 22:43 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-14 22:25 . 2011-11-14 22:26 -------- d-----w- c:\program files\Microsoft Security Client

2011-11-14 22:25 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2011-11-10 00:49 . 2011-11-12 04:08 -------- d-----w- c:\users\margarita\AppData\Local\Akamai

2011-11-09 12:02 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 12:02 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-11-09 12:02 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-10-27 00:09 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-07 22:45 . 2011-09-07 22:45 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe

2011-09-07 22:45 . 2011-09-07 22:45 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe

2011-09-07 22:45 . 2011-09-07 22:45 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe

2011-09-06 13:30 . 2011-10-11 23:48 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-02-13 19:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]

2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]

2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-02-28 15:59 133104 ----atw- c:\users\margarita\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-06-25 23:05 170520 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]

2007-11-01 06:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-04-16 01:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-06-25 23:06 150040 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 19:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-06-25 23:06 145944 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-03-11 19:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

2008-06-02 21:26 505720 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-12-07 02:12 1029416 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-03-21 18:28 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]

2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]

2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

R1 MpKslc5a77481;MpKslc5a77481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C312491-3006-46B6-8BBC-79C3CCCAFE1B}\MpKslc5a77481.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]

R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]

R4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]

R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]

R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]

R4 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]

R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]

S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]

S1 MpKsl433e39fb;MpKsl433e39fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35206444-93C2-4567-BEFB-A7158FF3FD94}\MpKsl433e39fb.sys [2011-11-15 28752]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL433E39FB

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 00:58]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 00:58]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844338048-2687002610-4010198750-1000Core.job

- c:\users\margarita\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-28 15:59]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844338048-2687002610-4010198750-1000UA.job

- c:\users\margarita\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-28 15:59]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-15 16:26

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????? ?m??h?????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-11-15 16:28:26

ComboFix-quarantined-files.txt 2011-11-15 21:28

ComboFix2.txt 2011-11-15 20:48

.

Pre-Run: 149,717,385,216 bytes free

Post-Run: 149,679,960,064 bytes free

.

- - End Of File - - 25A595CBCD0C35B9D6E9B4FB54EC734F

Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Link to post
Share on other sites

The virus signature is downloading for ESET now. Malwarebytes went through its scan and didn't find anything. It's weird, though: IE keeps having issues where it can't connect. I pulled up Chrome, and hit google.com, then suddenly after refreshing a few times, IE was able to start downloading the virus signature file.

Link to post
Share on other sites

Okay malwarebytes log is:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8170

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/15/2011 4:46:16 PM

mbam-log-2011-11-15 (16-46-16).txt

Scan type: Quick scan

Objects scanned: 165587

Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET log is:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=12

My neighbor says, "hey zdravei.blagodaria vi che pomognahte na moia sased da mi izchisti komputrcheto. kade ste?"

Link to post
Share on other sites

Things are running very well! Ran a full scan of MS Security Essentials, and found nothing. She's still having intermittent wifi issues (running ping you get a bunch of regular activity, then some "request timed out" and "host unreachable", then it's back up again. I think that's probably a hardware issue.

Is there anything else I should check? If not, thanks again for all your help.

Link to post
Share on other sites

If the ping fails, the request timed out can mean that the destination host is down or that there is no route back to you. Destination Host Unreachable will show the IP address of the Router that tried to route the packet but did not have a valid route.

Yeah, I disabled the internal generic wifi and installed a Linksys 802.11n PCMICIA adapter I had laying around, and it's rock solid.

Thanks a lot for your time on this, though. Margarita's going to be very happy...

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.