Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer continues to download malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer continues to download malware

Unread postby dreslick » June 10th, 2011, 10:35 pm

Hello, I have a windows 7 laptop that continues to download malware. I have done several Malwarebytes Anti-Malware Scans and TDSSKiller scans and Malwarebytes continues to pick up various malware. It all started when the computer crashed with a Blue Screen of Death and an error in ioState.sys. I was able to get the computer stable, but it continues to become infected. Here are the requested logs:


.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Matthew at 20:45:42 on 2011-06-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1868 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSNA
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PrnStatusMX] c:\program files\hewlett-packard\prnstatusmx\PrnStatusMX.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Security_Solution_2011] "c:\windows\system32\config\systemprofile\appdata\roaming\security_solution_2011\Security Solution.exe" /STARTUP
dRun: [Security Solution 2011] c:\windows\system32\config\systemprofile\appdata\roaming\security_solution_2011\securitymanager.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab ... detect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 207.199.252.1 207.199.252.2
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c} : DhcpNameServer = 207.199.252.1 207.199.252.2
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\256425F4E445 : DhcpNameServer = 192.168.1.2
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\643435 : DhcpNameServer = 198.147.162.6 198.147.162.15
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\76271697661627D6 : DhcpNameServer = 167.142.225.3 167.142.225.5
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\8435F523E64664C627 : DhcpNameServer = 198.147.162.6 198.147.162.15
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-6 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-6 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-6 61960]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-1-31 7680]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-31 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-31 859136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-26 39984]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\pgeffect.sys [2010-1-31 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-31 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-31 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
.
=============== Created Last 30 ================
.
2011-06-10 18:20:09 -------- d-----w- c:\users\matthew\appdata\local\Apple
2011-06-10 12:46:22 0 ---ha-w- c:\users\matthew\appdata\local\BIT1602.tmp
2011-06-10 03:17:13 -------- d-----w- C:\Security_Solution_2011
2011-06-09 23:30:37 0 ---ha-w- c:\users\matthew\appdata\local\BITFF73.tmp
2011-06-09 23:03:44 -------- d-----w- C:\Quarantine
2011-06-09 03:36:31 -------- d-----w- c:\windows\pss
2011-06-07 18:50:14 -------- d-----w- c:\users\matthew\appdata\local\Apple Computer
2011-06-07 12:14:35 -------- d-----w- c:\users\matthew\appdata\local\Adobe
2011-06-07 01:53:25 922304 ----a-w- c:\windows\system32\0.3533597561389846.exe
2011-06-06 18:45:08 0 ---ha-w- c:\users\matthew\appdata\local\BIT11CB.tmp
2011-06-06 18:42:14 0 ---ha-w- c:\users\matthew\appdata\local\BITE4D2.tmp
2011-06-06 13:52:39 -------- d-----w- c:\users\matthew\appdata\roaming\Avira
2011-06-06 13:52:04 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-06 13:52:04 -------- d-----w- c:\programdata\Avira
2011-06-06 13:52:04 -------- d-----w- c:\program files\Avira
2011-06-06 00:39:28 870912 ----a-w- c:\programdata\F52C.tmp
2011-06-05 04:37:49 0 ---ha-w- c:\users\matthew\appdata\local\BIT6509.tmp
2011-05-25 13:44:16 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 01:54:23 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-25 01:54:23 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-25 01:53:15 -------- d-----w- c:\program files\iPod
2011-05-25 01:53:14 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-25 01:53:14 -------- d-----w- c:\program files\iTunes
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-05-25 01:52:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-05-25 01:51:11 -------- d-----w- c:\program files\Bonjour
2011-05-12 02:43:29 123904 ----a-w- c:\windows\system32\poqexec.exe
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 20:47:11.35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2010 3:34:02 PM
System Uptime: 6/10/2011 8:44:46 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 243.887 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP331: 4/26/2011 10:22:14 PM - Windows Update
RP332: 4/28/2011 7:18:28 AM - Windows Update
RP333: 4/28/2011 4:49:26 PM - Windows Update
RP334: 4/30/2011 7:35:04 AM - Windows Update
RP335: 5/6/2011 2:17:18 PM - Windows Update
RP336: 5/11/2011 10:35:10 PM - Windows Update
RP337: 5/12/2011 1:01:31 PM - Windows Update
RP338: 5/12/2011 11:28:38 PM - Windows Update
RP339: 5/14/2011 11:25:59 PM - Windows Update
RP340: 5/24/2011 8:52:41 PM - Installed iTunes
RP341: 5/25/2011 10:25:39 PM - Windows Update
RP342: 6/3/2011 9:42:08 AM - Scheduled Checkpoint
RP343: 6/10/2011 2:24:54 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bible Collection
Bonjour
Cognitive Tutor
Compatibility Pack for the 2007 Office system
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet TV for Windows Media Center
iTunes
Java(TM) 6 Update 14
Junk Mail filter update
Label@Once 1.0
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works
MSVCRT
Musicnotes Software Suite 1.5.3
MyToshiba
Netflix in Windows Media Center
NetZero Launcher
PlayReady PC Runtime x86
Quickbooks Financial Center
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Launcher
Skype Toolbars
Skype™ 5.1
Synaptics Pointing Device Driver
System Requirements Lab
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 9:44:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/9/2011 9:36:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b475b66, 0xb0b8542c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060911-45661-01.
6/9/2011 6:26:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 6:00:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/9/2011 6:00:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/9/2011 6:00:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
6/9/2011 6:00:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/9/2011 6:00:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 6:00:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 6:00:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 6:00:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 6:00:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/9/2011 6:00:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/9/2011 6:00:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/9/2011 6:00:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/9/2011 6:00:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/9/2011 6:00:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8330f419, 0x8d717b50, 0x8d717730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060911-47673-01.
6/9/2011 5:57:57 PM, Error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 5:57:57 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 5:57:56 PM, Error: Service Control Manager [7034] - The ConfigFree WiMAX Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 5:56:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 5:55:58 PM, Error: Service Control Manager [7034] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 3 time(s).
6/9/2011 5:55:58 PM, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/9/2011 5:55:56 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 5:55:56 PM, Error: Service Control Manager [7034] - The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 5:55:55 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/9/2011 5:55:55 PM, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/9/2011 5:55:55 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 5:55:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA Power Saver service to connect.
6/9/2011 5:55:54 PM, Error: Service Control Manager [7000] - The TOSHIBA Power Saver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/9/2011 5:41:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b446b66, 0xb0fd042c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060911-23852-01.
6/9/2011 10:36:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b476b66, 0xaee9342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060911-45583-01.
6/9/2011 10:32:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44fb66, 0xb298142c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060911-48500-01.
6/9/2011 10:28:56 PM, Error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The system cannot find the path specified.
6/8/2011 6:38:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x83300419, 0x8cb75b50, 0x8cb75730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-45973-01.
6/8/2011 4:26:33 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
6/8/2011 4:26:33 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
6/8/2011 4:26:33 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
6/8/2011 4:26:33 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
6/8/2011 2:26:18 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/8/2011 2:26:18 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/8/2011 2:26:18 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/8/2011 2:26:18 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/8/2011 10:57:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b448b66, 0xb281742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-23368-01.
6/8/2011 10:54:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b467b66, 0xb0d4742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-25833-01.
6/8/2011 10:50:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46db66, 0xb103342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-22776-01.
6/8/2011 10:42:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b476b66, 0xae8df42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-48968-01.
6/8/2011 10:35:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832fe419, 0x97d65b50, 0x97d65730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-48469-01.
6/8/2011 10:32:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832f8419, 0x8d71fb50, 0x8d71f730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-50637-01.
6/8/2011 10:22:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832d8419, 0x8d71fb50, 0x8d71f730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-49202-01.
6/8/2011 10:19:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8347b4a0, 0x8d717864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060811-46737-01.
6/7/2011 7:24:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832f4419, 0x8d723b50, 0x8d723730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060711-53243-01.
6/7/2011 7:19:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/7/2011 7:19:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/7/2011 7:13:40 AM, Error: Schannel [36887] - The following fatal alert was received: 47.
6/7/2011 6:14:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832ca419, 0x8d71bb50, 0x8d71b730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060711-43664-01.
6/7/2011 2:46:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c4419, 0x8d71fb50, 0x8d71f730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060711-47720-01.
6/7/2011 1:50:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/6/2011 8:03:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
6/6/2011 8:03:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000075, 0x00000002, 0x00000001, 0x832b488c). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-43914-01.
6/6/2011 7:37:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/6/2011 7:37:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834474a0, 0x8d72b864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-47393-01.
6/6/2011 7:33:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c5419, 0x8d717b50, 0x8d717730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-46737-01.
6/6/2011 2:08:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x83309419, 0x8d713b50, 0x8d713730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-47939-01.
6/6/2011 12:57:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c8419, 0xaec1bb50, 0xaec1b730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50825-01.
6/6/2011 12:54:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x83302419, 0xaf003b50, 0xaf003730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49795-01.
6/6/2011 12:51:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8348e4a0, 0x8d72b864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49218-01.
6/6/2011 12:48:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c9419, 0xaf11eb50, 0xaf11e730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50201-01.
6/6/2011 12:45:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834574a0, 0xaea17864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49686-01.
6/6/2011 12:42:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8344f4a0, 0xae84a864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49577-01.
6/6/2011 12:39:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8344d4a0, 0xae80b864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50076-01.
6/6/2011 12:36:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x83301419, 0xae870b50, 0xae870730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50840-01.
6/6/2011 12:33:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8347b4a0, 0x8d727864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49592-01.
6/6/2011 10:17:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832f4419, 0x8d727b50, 0x8d727730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-44366-01.
6/6/2011 1:54:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b447b66, 0x96df942c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-24585-01.
6/6/2011 1:49:49 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/6/2011 1:49:47 PM, Error: Service Control Manager [7034] - The TOSHIBA Power Saver service terminated unexpectedly. It has done this 1 time(s).
6/6/2011 1:49:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b447b66, 0x9349342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-25240-01.
6/6/2011 1:46:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
6/6/2011 1:46:11 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2011 1:44:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b474b66, 0x95e3d42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-23493-01.
6/6/2011 1:42:00 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
6/6/2011 1:39:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46cb66, 0x99ded42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-24039-01.
6/6/2011 1:37:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
6/6/2011 1:37:13 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2011 1:33:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8348f4a0, 0x981bd864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49717-01.
6/6/2011 1:30:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c4419, 0x8d713b50, 0x8d713730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50279-01.
6/6/2011 1:27:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c2419, 0x983adb50, 0x983ad730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49951-01.
6/6/2011 1:24:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832f3419, 0x8d713b50, 0x8d713730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-51277-01.
6/6/2011 1:21:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832c8419, 0x9a385b50, 0x9a385730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49436-01.
6/6/2011 1:18:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834504a0, 0x8d71f864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-49826-01.
6/6/2011 1:15:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834794a0, 0x97de9864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50216-01.
6/6/2011 1:12:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834504a0, 0x98bf9864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50450-01.
6/6/2011 1:09:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834564a0, 0xae276864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50466-01.
6/6/2011 1:06:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834424a0, 0x9b4a4864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50715-01.
6/6/2011 1:03:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x834464a0, 0x8d727864, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50138-01.
6/6/2011 1:00:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x83302419, 0x97dc1b50, 0x97dc1730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060611-50497-01.
6/5/2011 9:23:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b479b66, 0xb162b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45973-02.
6/5/2011 9:01:21 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
6/5/2011 9:01:21 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
6/5/2011 9:01:20 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
6/5/2011 9:01:19 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/5/2011 9:01:19 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/5/2011 9:01:19 AM, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/5/2011 9:01:19 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
6/5/2011 9:01:19 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not start due to a logon failure.
6/5/2011 8:59:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45cb66, 0xb183742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-48079-01.
6/5/2011 8:55:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b479b66, 0xb320f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46425-01.
6/5/2011 8:50:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46fb66, 0xb19df42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45146-01.
6/5/2011 8:46:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46db66, 0xb262f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45911-01.
6/5/2011 8:41:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b461b66, 0xb170b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46020-02.
6/5/2011 8:37:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b456b66, 0xb160742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46207-01.
6/5/2011 8:32:57 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47eb66, 0xb184f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-47034-01.
6/5/2011 8:28:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b447b66, 0xb1a6342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46394-01.
6/5/2011 8:24:03 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45eb66, 0xb1be342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-47533-01.
6/5/2011 8:19:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47bb66, 0xb01dd42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45973-01.
6/5/2011 8:15:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b456b66, 0xb15fd42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46581-01.
6/5/2011 8:10:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b450b66, 0xb19fb42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46113-02.
6/5/2011 8:08:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x832d9419, 0xae52bb50, 0xae52b730). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-44413-01.
6/5/2011 8:06:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b470b66, 0xb145742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46425-02.
6/5/2011 8:01:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b455b66, 0xb1c6742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45957-01.
6/5/2011 7:57:22 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47db66, 0xb15d742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46987-01.
6/5/2011 7:52:53 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b452b66, 0xb158742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45365-01.
6/5/2011 7:48:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b477b66, 0xb1d8b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46004-01.
6/5/2011 7:44:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b442b66, 0xb160f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45817-01.
6/5/2011 7:39:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44cb66, 0x82f5f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46067-03.
6/5/2011 7:35:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b445b66, 0xb185342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46051-02.
6/5/2011 7:30:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b454b66, 0xb1ce342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46082-01.
6/5/2011 7:26:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b451b66, 0xae63342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45006-01.
6/5/2011 7:26:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b473b66, 0xb165742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46051-01.
6/5/2011 7:21:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b466b66, 0xb186742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45567-01.
6/5/2011 7:17:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b454b66, 0xb1df342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45427-01.
6/5/2011 7:12:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44db66, 0xb185742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-44912-01.
6/5/2011 7:08:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b463b66, 0xb1c6742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46379-01.
6/5/2011 7:03:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45bb66, 0xb1adf42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-48173-01.
6/5/2011 6:59:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45db66, 0xb16a342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46410-01.
6/5/2011 6:55:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000004, 0x00000002, 0x00000001, 0x832b84f4). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-46971-01.
6/5/2011 6:54:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46eb66, 0xb188b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-49499-01.
6/5/2011 6:49:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47bb66, 0xaea2742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-48048-01.
6/5/2011 6:33:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46db66, 0xb200342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-48812-01.
6/5/2011 12:43:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b443b66, 0xb16ed42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-34070-01.
6/5/2011 12:32:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b476b66, 0x82f5342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-30529-01.
6/5/2011 12:20:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b448b66, 0xb18af42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-43524-01.
6/5/2011 12:16:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b647b66, 0xb1bfb42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-45224-01.
6/5/2011 12:12:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b441b66, 0xb243342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-47502-01.
6/5/2011 11:52:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47cb66, 0xb0da342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-48859-01.
6/5/2011 1:26:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b478b66, 0xb25b642c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-43118-01.
6/5/2011 1:23:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b466b66, 0xb1a4b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060511-36363-01.
6/4/2011 9:30:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44eb66, 0xb1a1742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-44709-01.
6/4/2011 9:26:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47db66, 0xb0d9b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46613-01.
6/4/2011 9:15:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
6/4/2011 9:15:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46ab66, 0xaf16742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-49530-01.
6/4/2011 9:13:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b470b66, 0xb08ed42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-17425-01.
6/4/2011 9:11:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b464b66, 0xb13f542c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45895-01.
6/4/2011 9:09:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47bb66, 0xb12ef42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-18361-01.
6/4/2011 9:06:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47eb66, 0xaf1ed42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47533-02.
6/4/2011 9:05:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b470b66, 0xb37bf42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-16848-01.
6/4/2011 9:02:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47db66, 0xb2e3342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47907-01.
6/4/2011 9:01:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b464b66, 0x8279542c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-22760-01.
6/4/2011 8:58:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b447b66, 0xb207d42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-50247-01.
6/4/2011 8:54:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b448b66, 0xb17b342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-49639-02.
6/4/2011 8:20:00 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
6/4/2011 8:06:54 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
6/4/2011 6:42:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45cb66, 0xb2e1b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-48625-01.
6/4/2011 6:38:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b452b66, 0xb0ffb42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46316-01.
6/4/2011 6:34:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46bb66, 0xb165342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45739-01.
6/4/2011 6:29:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b449b66, 0xb14eb42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45443-01.
6/4/2011 6:25:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47ab66, 0xb112142c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46956-01.
6/4/2011 6:21:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b480b66, 0xb0c8742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47486-01.
6/4/2011 6:16:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b477b66, 0xb2c0b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46675-01.
6/4/2011 6:12:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b461b66, 0xb01cf42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45677-02.
6/4/2011 6:07:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b471b66, 0xb2c1b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47658-02.
6/4/2011 6:03:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b480b66, 0xafc2f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46472-01.
6/4/2011 5:58:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b467b66, 0xb2a0f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45786-01.
6/4/2011 5:54:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b454b66, 0xb3c0f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46363-01.
6/4/2011 5:49:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46fb66, 0xb124342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47658-01.
6/4/2011 5:45:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45fb66, 0xb2c0342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45942-01.
6/4/2011 5:41:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b474b66, 0xb282b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46113-01.
6/4/2011 5:36:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b451b66, 0xb2a3742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46488-01.
6/4/2011 5:32:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46bb66, 0xb343b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46035-01.
6/4/2011 5:27:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b473b66, 0xb280342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45817-01.
6/4/2011 5:25:11 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/4/2011 5:23:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b478b66, 0xb322742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45365-01.
6/4/2011 5:18:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b479b66, 0xafdf742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45146-01.
6/4/2011 5:14:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b444b66, 0xb2c0f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46238-01.
6/4/2011 5:10:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b444b66, 0xb0feb42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47049-01.
6/4/2011 5:05:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47cb66, 0xb0e7b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45848-01.
6/4/2011 5:01:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46db66, 0xb2c0742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46410-01.
6/4/2011 4:56:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b461b66, 0xb2e0f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45661-01.
6/4/2011 4:52:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b479b66, 0xb0dd742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47174-01.
6/4/2011 4:47:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44cb66, 0xb2a4142c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-48095-01.
6/4/2011 4:43:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44fb66, 0x82e9542c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45614-01.
6/4/2011 4:38:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46db66, 0xb2c3742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-48017-01.
6/4/2011 4:34:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b470b66, 0xb11db42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-49592-01.
6/4/2011 4:30:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47db66, 0xb11e942c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-48375-01.
6/4/2011 4:25:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45eb66, 0xb107b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-48906-01.
6/4/2011 12:42:00 PM, Error: Service Control Manager [7023] - The Google Update Service (gupdate) service terminated with the following error: %%-2147467243
6/4/2011 12:41:59 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/4/2011 12:41:59 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: A system shutdown is in progress.
6/4/2011 12:41:59 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
6/4/2011 12:41:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/4/2011 12:41:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/4/2011 12:41:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/4/2011 12:40:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b441b66, 0xafd5742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46301-01.
6/4/2011 12:36:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44bb66, 0x8d69642c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-33914-01.
6/4/2011 11:36:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b452b66, 0xb1bb742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45723-01.
6/4/2011 11:31:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b472b66, 0xb17e342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46394-01.
6/4/2011 11:27:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47fb66, 0xb165742c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45926-01.
6/4/2011 11:22:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44ab66, 0xb194b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46862-01.
6/4/2011 11:18:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b464b66, 0xb188b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45708-01.
6/4/2011 11:13:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b463b66, 0xb2e0342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46550-01.
6/4/2011 11:09:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b46cb66, 0xb19ff42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45833-02.
6/4/2011 11:04:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b446b66, 0xb1adf42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46301-01.
6/4/2011 11:00:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b45eb66, 0xb20d342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47283-01.
6/4/2011 10:56:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b44db66, 0xb243b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46597-01.
6/4/2011 10:51:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b47db66, 0xb1a8b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46129-01.
6/4/2011 10:47:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b448b66, 0xb280f42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46815-01.
6/4/2011 10:42:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b463b66, 0xb1c4342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45630-01.
6/4/2011 10:38:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b464b66, 0xb145b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45911-01.
6/4/2011 10:33:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b454b66, 0xb19e942c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46441-01.
6/4/2011 10:29:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b447b66, 0xb18c342c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46223-01.
6/4/2011 10:24:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b461b66, 0xb1a0b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47205-01.
6/4/2011 10:20:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b449b66, 0xb19e142c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-45209-01.
6/4/2011 10:15:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b478b66, 0x978cb42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46691-01.
6/4/2011 10:11:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b472b66, 0xb186b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-47627-01.
6/4/2011 10:06:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8b448b66, 0xb0b5b42c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 060411-46004-01.
6/10/2011 8:45:39 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/10/2011 8:42:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/10/2011 7:15:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/10/2011 7:14:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/10/2011 7:14:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache MpFilter spldr ssmdrv Wanarpv6
6/10/2011 7:14:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/10/2011 1:51:27 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2011 1:51:27 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2011 1:51:27 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2011 1:51:27 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================


Thank you for looking this over!
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm
Advertisement
Register to Remove

Re: Computer continues to download malware

Unread postby torreattack » June 14th, 2011, 10:51 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi dreslick and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Computer continues to download malware

Unread postby torreattack » June 15th, 2011, 5:18 pm

Hi dreslick :

1. Are you hiding the Action Center Icon in the Start Menu and Taskbar?


Create a System Restore Point - W7
  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type Before Fix then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!




Windows 7 Advice
Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow.



You are running two antivirus at the same times.

Multiple Antivirus Programs
You are running more than 1 Antivirus program!
Avira AntiVir Personal - Free Antivirus
Microsoft Security Essentials
Running - more than one - antivirus program is not recommended because:
  1. They can conflict with each other.
  2. Report the other antivirus software as malicious.
  3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
  4. Can cause your computer to run slowly, become unstable and crash.
I strongly suggest you uninstall one of them. Which one, is your decision.



Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    control appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Adobe Reader 9.4.4
    Java(TM) 6 Update 14
    Search Toolbar

  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.




OTM
Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "0c8413c1-fad1-446c-8584-be50576f863e"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "472734EA-242A-422B-ADF8-83D1E48CC825"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "<NO NAME>"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    
    :Files
    c:\users\matthew\appdata\local\BIT1602.tmp
    C:\Security_Solution_2011
    c:\users\matthew\appdata\local\BITFF73.tmp
    c:\windows\system32\0.3533597561389846.exe
    c:\users\matthew\appdata\local\BIT11CB.tmp
    c:\users\matthew\appdata\local\BITE4D2.tmp
    c:\programdata\F52C.tmp
    c:\users\matthew\appdata\local\BIT6509.tmp
    c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    c:\program files\search toolbar
    c:\windows\system32\config\systemprofile\appdata\roaming\security_solution_2011
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Run RogueKiller
Please download RogueKiller.exe and save it to your desktop.

  • Now quit all running programs.
  • Right click RogueKiller.exe and select " Run as administrator " to run it.
  • When prompted, type 1 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe .
  • Please post the contents of the RKreport.txt in your next Reply.



I saw you already have Malwarebytes Anti-Malware.
Please re-run Malwarebytes' Anti-Malware scan.

re-run Malwarebytes' Anti-Malware with Full Scan
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.



RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Checklist
Please restart your computer and post:
  • Answer regarding the Action Center Icon
  • OTM log
  • RogueKiller log
  • mbam-log-date (time).txt
  • RSIT log
  • An update on your problems


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Computer continues to download malware

Unread postby dreslick » June 15th, 2011, 10:43 pm

Answer 1: I have looked at the action center icon information. Evidently I am hiding it because it is not there. I have opened the control panel to have a look at it and all notifications are checked.

Answer to antivirus issues: I have uninstalled both programs and will install AVG when we're finished.

Windows Restore point was created, but I think OTM deleted all the restore points -- is that correct?
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby dreslick » June 15th, 2011, 10:43 pm

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcbccb87-9224-4b8d-b117-f56d924beb18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\0c8413c1-fad1-446c-8584-be50576f863e not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\472734EA-242A-422B-ADF8-83D1E48CC825 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\<NO NAME> not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
c:\users\matthew\appdata\local\BIT1602.tmp moved successfully.
C:\Security_Solution_2011 folder moved successfully.
c:\users\matthew\appdata\local\BITFF73.tmp moved successfully.
c:\windows\system32\0.3533597561389846.exe moved successfully.
c:\users\matthew\appdata\local\BIT11CB.tmp moved successfully.
c:\users\matthew\appdata\local\BITE4D2.tmp moved successfully.
File/Folder c:\programdata\F52C.tmp not found.
c:\users\matthew\appdata\local\BIT6509.tmp moved successfully.
c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
File/Folder c:\program files\search toolbar not found.
File/Folder c:\windows\system32\config\systemprofile\appdata\roaming\security_solution_2011 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matthew\Desktop\cmd.bat deleted successfully.
C:\Users\Matthew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew
->Temp folder emptied: 87428882 bytes
->Temporary Internet Files folder emptied: 25049509 bytes
->Java cache emptied: 36895749 bytes
->Flash cache emptied: 261768 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10942226 bytes
RecycleBin emptied: 6922530 bytes

Total Files Cleaned = 160.00 mb




OTM by OldTimer - Version 3.1.18.0 log created on 06152011_210601
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby dreslick » June 15th, 2011, 10:45 pm

Malware Bytes Log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6865

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/15/2011 9:44:34 PM
mbam-log-2011-06-15 (21-44-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 252158
Time elapsed: 34 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby dreslick » June 15th, 2011, 10:48 pm

RSIT Log.txt File

Logfile of random's system information tool 1.08 (written by random/random)
Run by Matthew at 2011-06-15 21:46:04
Microsoft Windows 7 Home Premium
System drive C: has 251 GB (85%) free of 296 GB
Total RAM: 2940 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:16 PM, on 6/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Users\Matthew\Desktop\RSIT.exe
C:\Program Files\trend micro\Matthew.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... &bmod=TSNA
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Security_Solution_2011] "C:\windows\system32\config\systemprofile\AppData\Roaming\Security_Solution_2011\Security Solution.exe" /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Security_Solution_2011] "C:\windows\system32\config\systemprofile\AppData\Roaming\Security_Solution_2011\Security Solution.exe" /STARTUP (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 8152 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-08-11 2446648]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 476512]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-08-06 611672]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-09-17 611672]
"ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-08-17 1294136]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-08-11 1324384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 460088]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-07-29 163840]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-29 7625248]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1077248]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-09-02 151064]
"NortonOnlineBackupReminder"=C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-07-16 529256]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-27 421160]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-02 141848]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 55160]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-02 174104]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 738616]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"=C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [2009-08-06 264048]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-13 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Matthew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MIF5BA~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-08-27 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-15 21:46:05 ----D---- C:\Program Files\trend micro
2011-06-15 21:46:04 ----D---- C:\rsit
2011-06-15 21:06:01 ----D---- C:\_OTM
2011-06-15 21:02:57 ----SHD---- C:\Config.Msi
2011-06-13 20:20:02 ----D---- C:\Program Files\QuickTime
2011-06-10 18:50:20 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_18.50.20_log.txt
2011-06-10 13:06:55 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_13.06.55_log.txt
2011-06-10 07:38:38 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_07.38.38_log.txt
2011-06-09 18:03:44 ----D---- C:\Quarantine
2011-06-08 22:36:31 ----D---- C:\windows\pss
2011-06-04 16:44:32 ----RASH---- C:\MSDOS.SYS
2011-06-04 16:44:32 ----RASH---- C:\IO.SYS
2011-05-25 08:44:16 ----A---- C:\windows\system32\drivers\Diskdump.sys
2011-05-24 20:54:54 ----D---- C:\Users\Matthew\AppData\Roaming\Apple Computer
2011-05-24 20:54:23 ----A---- C:\windows\system32\GEARAspi.dll
2011-05-24 20:54:23 ----A---- C:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-24 20:53:15 ----D---- C:\Program Files\iPod
2011-05-24 20:53:14 ----D---- C:\Program Files\iTunes
2011-05-24 20:52:15 ----D---- C:\ProgramData\Apple Computer
2011-05-24 20:51:33 ----D---- C:\Program Files\Apple Software Update
2011-05-24 20:51:11 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2011-06-15 21:46:05 ----RD---- C:\Program Files
2011-06-15 21:21:19 ----D---- C:\windows\system32\config
2011-06-15 21:14:45 ----D---- C:\windows\inf
2011-06-15 21:14:45 ----AD---- C:\windows\System32
2011-06-15 21:14:45 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-06-15 21:09:38 ----D---- C:\windows\Temp
2011-06-15 21:07:38 ----D---- C:\windows\tracing
2011-06-15 21:06:43 ----D---- C:\windows\Prefetch
2011-06-15 21:06:39 ----AD---- C:\Windows
2011-06-15 21:06:02 ----HD---- C:\ProgramData
2011-06-15 21:03:57 ----SHD---- C:\windows\Installer
2011-06-15 21:03:12 ----SHD---- C:\System Volume Information
2011-06-15 21:03:02 ----D---- C:\Program Files\Common Files
2011-06-15 21:03:01 ----D---- C:\ProgramData\Adobe
2011-06-15 20:58:00 ----D---- C:\windows\system32\drivers
2011-06-15 18:37:38 ----D---- C:\windows\system32\catroot2
2011-06-15 18:37:38 ----D---- C:\windows\system32\catroot
2011-06-15 18:37:34 ----D---- C:\windows\winsxs
2011-06-13 20:22:08 ----A---- C:\windows\ntbtlog.txt
2011-06-09 22:36:08 ----D---- C:\windows\Minidump
2011-06-09 22:27:10 ----D---- C:\windows\Tasks
2011-06-09 22:01:59 ----D---- C:\ProgramData\Malwarebytes
2011-06-09 18:28:07 ----D---- C:\windows\system
2011-06-05 18:27:44 ----AD---- C:\ProgramData\TEMP
2011-06-05 18:27:21 ----D---- C:\Users\Matthew\AppData\Roaming\Adobe
2011-06-05 12:28:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-05 12:14:15 ----D---- C:\windows\system32\LogFiles
2011-06-05 06:58:07 ----D---- C:\windows\system32\NDF
2011-06-04 08:03:58 ----D---- C:\windows\system32\drivers\etc
2011-05-24 20:54:23 ----DC---- C:\windows\system32\DRVSTORE
2011-05-24 20:53:14 ----D---- C:\Program Files\Common Files\Apple
2011-05-24 20:51:34 ----D---- C:\windows\system32\Tasks
2011-05-24 20:51:26 ----D---- C:\windows\system32\DriverStore
2011-05-17 07:33:26 ----D---- C:\windows\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\windows\system32\DRIVERS\tos_sps32.sys [2009-07-24 275536]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
R3 FwLnk;FwLnk Driver; C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 5946368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-29 2735504]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CDASPROT;Anti-Spyware For Dummies; \??\C:\Program Files\For Dummies\Anti-Spyware\cdasprot.sys []
S3 PCDSRVC{E4743EB3-6EDD5748-06000000}_0;PCDSRVC{E4743EB3-6EDD5748-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\lenovo hard drive quick test\pcdsrvc.pkms []
S3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-08-05 171520]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 464224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-27 820520]
R3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1343400]

-----------------EOF-----------------
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby dreslick » June 15th, 2011, 10:48 pm

info.txt file from RSIT

info.txt logfile of random's system information tool 1.08 2011-06-15 21:46:18

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Build-a-lot 3\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Jewel Quest Solitaire 3\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Scrabble\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\TOSHIBA Games\Zuma Deluxe\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Apple Application Support-->MsiExec.exe /I{853A4763-6643-4604-8D64-28BDD8925F4C}
Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Bible Collection-->MsiExec.exe /I{5B34B49F-E10E-4C1E-A0AA-92238D439FBE}
Bonjour-->MsiExec.exe /X{C2E4B5BD-32DB-4817-A060-341AB17C3F90}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Graphics Media Accelerator Driver-->C:\windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Internet TV for Windows Media Center-->MsiExec.exe /X{9D318C86-AF4C-409F-A6AC-7183FF4CF424}
iTunes-->MsiExec.exe /I{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}
Malwarebytes' Anti-Malware version 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2007-->MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Musicnotes Software Suite 1.5.3-->"C:\Program Files\Musicnotes\unins000.exe"
MyToshiba-->MsiExec.exe /X{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}
Netflix in Windows Media Center-->MsiExec.exe /X{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}
NetZero Launcher-->C:\Program Files\InstallShield Installation Information\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}\setup.exe -runfromtemp -l0x0009 -removeonly
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Quickbooks Financial Center-->C:\Program Files\InstallShield Installation Information\{3B843B38-04B1-4CE6-8888-586273E0F289}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
Realtek WLAN Driver-->MsiExec.exe /X{0FB630AB-7BD8-40AE-B223-60397D57C3C9}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype Launcher-->C:\Program Files\InstallShield Installation Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype Toolbars-->MsiExec.exe /I{A29549FD-65F3-440C-A552-6B8114CF319D}
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
Toshiba Application and Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonly
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA eco Utility-->C:\Program Files\InstallShield Installation Information\{53536479-DFB0-47ED-9D10-43F3708C222D}\setup.exe -runfromtemp -l0x0409
TOSHIBA eco Utility-->C:\Program Files\InstallShield Installation Information\{53536479-DFB0-47ED-9D10-43F3708C222D}\setup.exe -runfromtemp -l0x0409
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0409 -removeonly
TOSHIBA Face Recognition-->MsiExec.exe /X{C730E42C-935A-45BB-A0C5-37E5234D111B}
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0387727-C89D-4774-B643-B9333EAA09DE}\setup.exe" -l0x9
TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
TOSHIBA HDD/SSD Alert-->C:\Program Files\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe -runfromtemp -l0x0409
Toshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}
Toshiba Quality Application-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonly
TOSHIBA Recovery Media Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe
TOSHIBA Web Camera Application-->C:\Program Files\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe -runfromtemp -l0x0009 -removeonly
ToshibaRegistration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonly
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (KB2536413)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {95DF5260-331D-4FFD-A2D5-C64164751945}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WildTangent Games-->"C:\Program Files\TOSHIBA Games\Uninstall.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Center Add-in for Flash-->MsiExec.exe /X{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}

Hosts File Missing
======System event log======

Computer Name: Matthew-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 100576
Source Name: RTL8167
Time Written: 20110218030513.652827-000
Event Type: Warning
User:

Computer Name: Matthew-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 100541
Source Name: RTL8167
Time Written: 20110218001819.883607-000
Event Type: Warning
User:

Computer Name: Matthew-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 100525
Source Name: RTL8167
Time Written: 20110217234300.693421-000
Event Type: Warning
User:

Computer Name: Matthew-PC
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 100511
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110217133203.434429-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Matthew-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 100507
Source Name: RTL8167
Time Written: 20110217133151.666807-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Matthew-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 145655
Source Name: TOSHIBA Service Station
Time Written: 20110227002930.000000-000
Event Type: Warning
User:

Computer Name: Matthew-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 145654
Source Name: TOSHIBA Service Station
Time Written: 20110227002930.000000-000
Event Type: Warning
User:

Computer Name: Matthew-PC
Event Code: 0
Message: Skipping empty element [tsu:setup_args]
Record Number: 145653
Source Name: TOSHIBA Service Station
Time Written: 20110227002930.000000-000
Event Type: Warning
User:

Computer Name: Matthew-PC
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 145645
Source Name: Microsoft-Windows-CAPI2
Time Written: 20110227000455.679284-000
Event Type: Error
User:

Computer Name: Matthew-PC
Event Code: 0
Message: Error checking dependency [d2dcfea7-bea6-45e7-85ee-a4a2f7e2332d]: Unable to retrieve file version!
Record Number: 145636
Source Name: TOSHIBA Service Station
Time Written: 20110227000418.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Matthew-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-U1M025QJ846$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Matthew
Account Domain: WIN-U1M025QJ846
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x3e0
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 21168
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101022022646.699603-000
Event Type: Audit Success
User:

Computer Name: Matthew-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 21167
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101022021547.516154-000
Event Type: Audit Success
User:

Computer Name: Matthew-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-U1M025QJ846$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x228
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21166
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101022021547.516154-000
Event Type: Audit Success
User:

Computer Name: Matthew-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: WIN-U1M025QJ846$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: {8863042C-55CD-4D77-B585-8A152A47E255}
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 21165
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101022011224.073474-000
Event Type: Audit Success
User:

Computer Name: Matthew-PC
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: WIN-U1M025QJ846$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: {8863042C-55CD-4D77-B585-8A152A47E255}
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\6e6d1555cca3bc0a95333573df943ebe_b22bf9f1-9eb9-4279-8e54-3418ecb0ba27
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 21164
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101022011224.073474-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby dreslick » June 15th, 2011, 10:50 pm

I have left the computer on over three days so far and have not had any trouble with malware downloading. I am not sure if / when it will happen again.
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby torreattack » June 16th, 2011, 1:37 pm

Hi dreslick :

Windows Restore point was created, but I think OTM deleted all the restore points -- is that correct?

The "[ClearAllRestorePoints]" CMD clears all the old restore points then creates a new one.

I have left the computer on over three days so far and have not had any trouble with malware downloading.

Good news! :cheers:

I am not sure if / when it will happen again.

Don't worry, we will do a few test to double check it.


Let's begin.

Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe And select " Run as administrator " , then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.



re-run OTM
  • Right-click OTM.exe from your Desktop.and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Matthew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Security_Solution_2011"=-
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Security_Solution_2011"=-
    
    :Files
    C:\Program Files\Java
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Online file scanner
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Program Files\For Dummies\Anti-Spyware\cdasprot.sys

Using Jotti
  1. Choose the appropriate language... once a language is selected, you'll see a message "Ready to receive files"
  2. Please copy... the above full path and file name(s)...
  3. Press the Browse button and paste the copied name into the "File name:" text box... then press Open.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... Highlight the results text from the Jotti's malware scan box.
  7. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Jotti scan results in your next reply.

Using Virus Total
  1. Please copy... the above full path and file name(s)...
  2. Press the Browse button and paste the copied name into the "File name:" text box... then press Open.
    The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed...press the "Compact" icon
  6. The results will be shown in a grid like window... right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Virus Total results in your next reply.



Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Checklist
Please post:
  • Security Check log
  • OTM log
  • Online scanning result log
  • New RSIT log


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Computer continues to download malware

Unread postby dreslick » June 16th, 2011, 3:14 pm

I do not have this file:

C:\Program Files\For Dummies\Anti-Spyware\cdasprot.sys
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby torreattack » June 16th, 2011, 6:11 pm

Hi dreslick :

Please post:
  • Security Check log
  • OTM log
  • New RSIT log

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Computer continues to download malware

Unread postby dreslick » June 16th, 2011, 10:49 pm

Dear torreattack,

Here are the logs you requested. Thank you for your help!

dreslick


Results of screen317's Security Check version 0.99.13
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Matthew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Security_Solution_2011 deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Security_Solution_2011 not found.
========== FILES ==========
C:\Program Files\Java\jre6\lib\ext folder moved successfully.
C:\Program Files\Java\jre6\lib folder moved successfully.
C:\Program Files\Java\jre6\bin folder moved successfully.
C:\Program Files\Java\jre6 folder moved successfully.
C:\Program Files\Java folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matthew\Desktop\cmd.bat deleted successfully.
C:\Users\Matthew\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew
->Temp folder emptied: 1299 bytes
->Temporary Internet Files folder emptied: 1909962 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2757236 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06162011_134934


Logfile of random's system information tool 1.08 (written by random/random)
Run by Matthew at 2011-06-16 21:44:33
Microsoft Windows 7 Home Premium
System drive C: has 250 GB (85%) free of 296 GB
Total RAM: 2940 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:44:38 PM, on 6/16/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Matthew\Desktop\RSIT.exe
C:\Program Files\trend micro\Matthew.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... &bmod=TSNA
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Security Solution 2011] C:\windows\system32\config\systemprofile\AppData\Roaming\Security_Solution_2011\securitymanager.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Security Solution 2011] C:\windows\system32\config\systemprofile\AppData\Roaming\Security_Solution_2011\securitymanager.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 8034 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-08-11 2446648]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 476512]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-08-06 611672]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-09-17 611672]
"ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-08-17 1294136]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-08-11 1324384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 460088]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-07-29 163840]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-29 7625248]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1077248]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-09-02 151064]
"NortonOnlineBackupReminder"=C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-07-16 529256]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-27 421160]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-02 141848]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 55160]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-02 174104]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 738616]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"=C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [2009-08-06 264048]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-13 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-08-27 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-15 21:46:05 ----D---- C:\Program Files\trend micro
2011-06-15 21:46:04 ----D---- C:\rsit
2011-06-15 21:06:01 ----D---- C:\_OTM
2011-06-15 18:38:15 ----A---- C:\windows\system32\drivers\srv2.sys
2011-06-15 18:38:14 ----A---- C:\windows\system32\drivers\srvnet.sys
2011-06-15 18:38:14 ----A---- C:\windows\system32\drivers\srv.sys
2011-06-15 18:38:11 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-06-15 18:38:10 ----A---- C:\windows\system32\drivers\afd.sys
2011-06-15 18:38:08 ----A---- C:\windows\system32\oleaut32.dll
2011-06-15 18:38:05 ----A---- C:\windows\system32\drivers\dfsc.sys
2011-06-15 18:38:04 ----A---- C:\windows\system32\inetcomm.dll
2011-06-15 18:38:03 ----A---- C:\windows\system32\d3d10_1.dll
2011-06-15 18:38:01 ----A---- C:\windows\system32\mshtml.dll
2011-06-15 18:38:00 ----A---- C:\windows\system32\ieframe.dll
2011-06-15 18:37:59 ----A---- C:\windows\system32\urlmon.dll
2011-06-15 18:37:59 ----A---- C:\windows\system32\iertutil.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\wininet.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\mstime.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\mshtmled.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\msfeedsbs.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\msfeeds.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\licmgr10.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\jsproxy.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\ieui.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\iepeers.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\iedkcs32.dll
2011-06-15 18:37:56 ----A---- C:\windows\system32\msfeedssync.exe
2011-06-15 18:37:44 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 18:37:44 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 18:37:44 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2011-06-13 20:20:02 ----D---- C:\Program Files\QuickTime
2011-06-10 18:50:20 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_18.50.20_log.txt
2011-06-10 13:06:55 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_13.06.55_log.txt
2011-06-10 07:38:38 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_07.38.38_log.txt
2011-06-09 18:03:44 ----D---- C:\Quarantine
2011-06-08 22:36:31 ----D---- C:\windows\pss
2011-06-04 16:44:32 ----RASH---- C:\MSDOS.SYS
2011-06-04 16:44:32 ----RASH---- C:\IO.SYS
2011-05-25 08:44:16 ----A---- C:\windows\system32\drivers\Diskdump.sys
2011-05-24 20:54:54 ----D---- C:\Users\Matthew\AppData\Roaming\Apple Computer
2011-05-24 20:54:23 ----A---- C:\windows\system32\GEARAspi.dll
2011-05-24 20:54:23 ----A---- C:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-24 20:53:15 ----D---- C:\Program Files\iPod
2011-05-24 20:53:14 ----D---- C:\Program Files\iTunes
2011-05-24 20:52:15 ----D---- C:\ProgramData\Apple Computer
2011-05-24 20:51:33 ----D---- C:\Program Files\Apple Software Update
2011-05-24 20:51:11 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2011-06-16 21:44:38 ----D---- C:\windows\Prefetch
2011-06-16 18:49:33 ----D---- C:\windows\tracing
2011-06-16 13:54:33 ----D---- C:\windows\inf
2011-06-16 13:54:33 ----AD---- C:\windows\System32
2011-06-16 13:54:33 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-06-16 13:52:28 ----D---- C:\windows\Temp
2011-06-16 13:49:41 ----D---- C:\windows\system32\config
2011-06-16 13:49:36 ----RD---- C:\Program Files
2011-06-16 03:33:53 ----D---- C:\windows\winsxs
2011-06-16 03:20:21 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 03:19:31 ----D---- C:\windows\system32\migration
2011-06-16 03:19:31 ----D---- C:\windows\system32\drivers
2011-06-16 03:19:31 ----D---- C:\Program Files\Internet Explorer
2011-06-16 03:04:28 ----SHD---- C:\windows\Installer
2011-06-16 03:04:27 ----D---- C:\ProgramData\Microsoft Help
2011-06-16 03:02:54 ----A---- C:\windows\system32\MRT.exe
2011-06-16 03:00:51 ----D---- C:\Program Files\Common Files\microsoft shared
2011-06-16 03:00:29 ----SHD---- C:\System Volume Information
2011-06-15 21:06:39 ----AD---- C:\Windows
2011-06-15 21:06:02 ----HD---- C:\ProgramData
2011-06-15 21:03:02 ----D---- C:\Program Files\Common Files
2011-06-15 21:03:01 ----D---- C:\ProgramData\Adobe
2011-06-15 18:37:38 ----D---- C:\windows\system32\catroot2
2011-06-15 18:37:38 ----D---- C:\windows\system32\catroot
2011-06-13 20:22:08 ----A---- C:\windows\ntbtlog.txt
2011-06-09 22:36:08 ----D---- C:\windows\Minidump
2011-06-09 22:27:10 ----D---- C:\windows\Tasks
2011-06-09 22:01:59 ----D---- C:\ProgramData\Malwarebytes
2011-06-09 18:28:07 ----D---- C:\windows\system
2011-06-05 18:27:44 ----AD---- C:\ProgramData\TEMP
2011-06-05 18:27:21 ----D---- C:\Users\Matthew\AppData\Roaming\Adobe
2011-06-05 12:28:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-05 12:14:15 ----D---- C:\windows\system32\LogFiles
2011-06-05 06:58:07 ----D---- C:\windows\system32\NDF
2011-06-04 08:03:58 ----D---- C:\windows\system32\drivers\etc
2011-05-24 20:54:23 ----DC---- C:\windows\system32\DRVSTORE
2011-05-24 20:53:14 ----D---- C:\Program Files\Common Files\Apple
2011-05-24 20:51:34 ----D---- C:\windows\system32\Tasks
2011-05-24 20:51:26 ----D---- C:\windows\system32\DriverStore
2011-05-17 07:33:26 ----D---- C:\windows\system32\FxsTmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\windows\system32\DRIVERS\tos_sps32.sys [2009-07-24 275536]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
R3 FwLnk;FwLnk Driver; C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 5946368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-29 2735504]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CDASPROT;Anti-Spyware For Dummies; \??\C:\Program Files\For Dummies\Anti-Spyware\cdasprot.sys []
S3 PCDSRVC{E4743EB3-6EDD5748-06000000}_0;PCDSRVC{E4743EB3-6EDD5748-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\lenovo hard drive quick test\pcdsrvc.pkms []
S3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-08-05 171520]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 464224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-27 820520]
R3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1343400]

-----------------EOF-----------------
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm

Re: Computer continues to download malware

Unread postby torreattack » June 17th, 2011, 12:07 pm

Hi dreslick :

Thank you for your help!

You are welcome.

Let's begin.


ComboFix
Please download ImageComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download sites: Mirror #2 or Mirror #3

If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

This program is a powerful tool, intended by its creator, to be "used under the guidance and supervision of trained malware removers".
Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!


The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  2. Right click the ComboFix.exe icon on your desktop and select " Run as administrator " to begin execution. If you receive the "Open File - Security Warning"... press Run.
  3. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  4. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  5. Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
    ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  6. Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **




No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed.. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection...download a (free for personal use) anti-virus program from one these reliable vendors.

  1. Antivir PersonalEdition Classic
  2. avast! Free Antivirus
  3. Microsoft Security Essentials


Installing a new AV product.
Do NOT unistall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.




Checklist
Please restart your computer and post:
  • Combofix log
  • New RSIT log


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Computer continues to download malware

Unread postby dreslick » June 17th, 2011, 10:52 pm

Here are the two logs you requested. I installed AVG Antivirus as I have used it before and trust it. The RSIT program was interrupted by AVG, but it looks like it worked OK. Combofix kept telling me Microsoft Security Essentials was active. I cannot see it anywhere in the start menu or in the installed programs area of the control panel. I actually uninstalled a couple of steps ago when you pointed out the two AV programs running together, so I'm not sure about the MSE stuff.

ComboFix 11-06-17.04 - Matthew 06/17/2011 18:38:50.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.2150 [GMT -5:00]
Running from: c:\users\Matthew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthew\AppData\Local\{E9A5DAEF-EB5B-4FE7-8179-86D92DA0D024}
c:\users\Matthew\AppData\Local\{E9A5DAEF-EB5B-4FE7-8179-86D92DA0D024}\chrome.manifest
c:\users\Matthew\AppData\Local\{E9A5DAEF-EB5B-4FE7-8179-86D92DA0D024}\chrome\content\_cfg.js
c:\users\Matthew\AppData\Local\{E9A5DAEF-EB5B-4FE7-8179-86D92DA0D024}\chrome\content\overlay.xul
c:\users\Matthew\AppData\Local\{E9A5DAEF-EB5B-4FE7-8179-86D92DA0D024}\install.rdf
c:\users\Matthew\AppData\Roaming\Adobe\plugs
c:\users\Matthew\AppData\Roaming\Adobe\shed
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APTO6KO
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 23:42 . 2011-06-17 23:43 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2011-06-17 23:42 . 2011-06-17 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 23:35 . 2011-06-17 23:37 -------- d-----w- C:\32788R22FWJFW
2011-06-16 02:46 . 2011-06-17 02:44 -------- d-----w- c:\program files\trend micro
2011-06-16 02:46 . 2011-06-16 02:46 -------- d-----w- C:\rsit
2011-06-16 02:06 . 2011-06-16 02:06 -------- d-----w- C:\_OTM
2011-06-15 23:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 23:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 23:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 23:38 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 23:38 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 23:38 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 23:38 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 23:38 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 23:38 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 23:38 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-06-14 01:20 . 2011-06-14 01:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-06-14 01:20 . 2011-06-14 01:20 -------- d-----w- c:\program files\QuickTime
2011-06-10 18:20 . 2011-06-10 18:20 -------- d-----w- c:\users\Matthew\AppData\Local\Apple
2011-06-09 23:03 . 2011-06-09 23:04 -------- d-----w- C:\Quarantine
2011-06-07 18:50 . 2011-06-07 18:50 -------- d-----w- c:\users\Matthew\AppData\Local\Apple Computer
2011-06-07 12:14 . 2011-06-16 02:02 -------- d-----w- c:\users\Matthew\AppData\Local\Adobe
2011-05-25 13:44 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 01:54 . 2011-05-25 01:55 -------- d-----w- c:\users\Matthew\AppData\Roaming\Apple Computer
2011-05-25 01:54 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-25 01:54 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-25 01:53 . 2011-05-25 01:53 -------- d-----w- c:\program files\iPod
2011-05-25 01:53 . 2011-05-25 01:54 -------- d-----w- c:\program files\iTunes
2011-05-25 01:52 . 2011-05-25 01:53 -------- d-----w- c:\programdata\Apple Computer
2011-05-25 01:51 . 2011-05-25 01:51 -------- d-----w- c:\program files\Apple Software Update
2011-05-25 01:51 . 2011-05-25 01:51 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2010-03-26 13:51 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2010-03-26 13:51 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 06:13 . 2011-05-11 20:30 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 20:30 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-12 02:43 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-12 1324384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 CDASPROT;Anti-Spyware For Dummies;c:\program files\For Dummies\Anti-Spyware\cdasprot.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 PCDSRVC{E4743EB3-6EDD5748-06000000}_0;PCDSRVC{E4743EB3-6EDD5748-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\lenovo hard drive quick test\pcdsrvc.pkms [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:37]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 207.199.252.1 207.199.252.2
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}: DhcpNameServer = 207.199.252.1 207.199.252.2
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\256425F4E445: DhcpNameServer = 192.168.1.2
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\643435: DhcpNameServer = 198.147.162.6 198.147.162.15
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\76271697661627D6: DhcpNameServer = 167.142.225.3 167.142.225.5
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\8435F523E64664C627: DhcpNameServer = 198.147.162.6 198.147.162.15
TCP: Interfaces\{fac0a732-85d9-4aac-9f8b-15b64912059c}\E4544574541425: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Cognitive Tutor - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\PCDSRVC{E4743EB3-6EDD5748-06000000}_0]
"ImagePath"="\??\c:\program files\lenovo hard drive quick test\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2849546234-2839618405-1666514763-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,2c,8c,bc,a9,18,f9,bf,b3,52,fc,ec,91,ee,a6,b3,11,3b,11,ca,e2,6f,f2,
f5,0b,ac,bc,c5,3a,a6,32,78,a6,8b,aa,5b,40,2c,9f,b2,a2,41,bc,01,b8,4a,0c,7c,\
"??"=hex:0c,8c,1e,26,08,e7,6a,72,d7,9d,17,3a,4e,07,ae,36
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3980)
c:\windows\system32\CmdLineExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-06-17 18:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-17 23:47
.
Pre-Run: 260,771,033,088 bytes free
Post-Run: 260,519,489,536 bytes free
.
- - End Of File - - 22A2BBE26EC213A72453BA028FF3F48F


Logfile of random's system information tool 1.08 (written by random/random)
Run by Matthew at 2011-06-17 21:44:38
Microsoft Windows 7 Home Premium
System drive C: has 250 GB (85%) free of 296 GB
Total RAM: 2940 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:08 PM, on 6/17/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Matthew\Desktop\RSIT.exe
C:\Program Files\trend micro\Matthew.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... &bmod=TSNA
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 7679 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-05-05 2257760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-02-11 1246600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"=C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-08-11 2446648]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-08-05 476512]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-08-06 611672]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-09-17 611672]
"ToshibaServiceStation"=C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-08-17 1294136]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-08-11 1324384]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-20 1545512]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-07-28 460088]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-07-29 163840]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-29 7625248]
"PrnStatusMX"=C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [2007-08-29 1077248]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-09-02 151064]
"NortonOnlineBackupReminder"=C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [2009-07-16 529256]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-27 421160]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-02 141848]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 55160]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-02 174104]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-08-05 738616]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-04-18 2334560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"=C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [2009-08-06 264048]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-08-27 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2009-07-13 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-06-17 20:22:47 ----D---- C:\Users\Matthew\AppData\Roaming\AVG10
2011-06-17 20:15:19 ----HD---- C:\ProgramData\Common Files
2011-06-17 20:14:43 ----D---- C:\windows\system32\drivers\AVG
2011-06-17 20:14:43 ----D---- C:\ProgramData\AVG10
2011-06-17 20:14:18 ----D---- C:\Program Files\AVG
2011-06-17 19:59:08 ----D---- C:\ProgramData\MFAData
2011-06-17 18:47:07 ----D---- C:\windows\temp
2011-06-17 18:47:06 ----A---- C:\ComboFix.txt
2011-06-17 18:43:53 ----D---- C:\$RECYCLE.BIN
2011-06-17 18:37:56 ----A---- C:\windows\zip.exe
2011-06-17 18:37:56 ----A---- C:\windows\SWSC.exe
2011-06-17 18:37:56 ----A---- C:\windows\SWREG.exe
2011-06-17 18:37:56 ----A---- C:\windows\sed.exe
2011-06-17 18:37:56 ----A---- C:\windows\PEV.exe
2011-06-17 18:37:56 ----A---- C:\windows\NIRCMD.exe
2011-06-17 18:37:56 ----A---- C:\windows\MBR.exe
2011-06-17 18:37:56 ----A---- C:\windows\grep.exe
2011-06-17 18:37:52 ----D---- C:\windows\ERDNT
2011-06-17 18:35:10 ----D---- C:\Qoobox
2011-06-17 18:35:07 ----D---- C:\32788R22FWJFW
2011-06-15 21:46:05 ----D---- C:\Program Files\trend micro
2011-06-15 21:46:04 ----D---- C:\rsit
2011-06-15 21:06:01 ----D---- C:\_OTM
2011-06-15 18:38:15 ----A---- C:\windows\system32\drivers\srv2.sys
2011-06-15 18:38:14 ----A---- C:\windows\system32\drivers\srvnet.sys
2011-06-15 18:38:14 ----A---- C:\windows\system32\drivers\srv.sys
2011-06-15 18:38:11 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-06-15 18:38:10 ----A---- C:\windows\system32\drivers\afd.sys
2011-06-15 18:38:08 ----A---- C:\windows\system32\oleaut32.dll
2011-06-15 18:38:05 ----A---- C:\windows\system32\drivers\dfsc.sys
2011-06-15 18:38:04 ----A---- C:\windows\system32\inetcomm.dll
2011-06-15 18:38:03 ----A---- C:\windows\system32\d3d10_1.dll
2011-06-15 18:38:01 ----A---- C:\windows\system32\mshtml.dll
2011-06-15 18:38:00 ----A---- C:\windows\system32\ieframe.dll
2011-06-15 18:37:59 ----A---- C:\windows\system32\urlmon.dll
2011-06-15 18:37:59 ----A---- C:\windows\system32\iertutil.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\wininet.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\mstime.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\mshtmled.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\msfeedsbs.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\msfeeds.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\licmgr10.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\jsproxy.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\ieui.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\iepeers.dll
2011-06-15 18:37:57 ----A---- C:\windows\system32\iedkcs32.dll
2011-06-15 18:37:56 ----A---- C:\windows\system32\msfeedssync.exe
2011-06-15 18:37:44 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 18:37:44 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 18:37:44 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2011-06-13 20:20:02 ----D---- C:\Program Files\QuickTime
2011-06-10 18:50:20 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_18.50.20_log.txt
2011-06-10 13:06:55 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_13.06.55_log.txt
2011-06-10 07:38:38 ----A---- C:\TDSSKiller.2.5.4.0_10.06.2011_07.38.38_log.txt
2011-06-09 18:03:44 ----D---- C:\Quarantine
2011-06-08 22:36:31 ----D---- C:\windows\pss
2011-06-04 16:44:32 ----RASH---- C:\MSDOS.SYS
2011-06-04 16:44:32 ----RASH---- C:\IO.SYS
2011-05-25 08:44:16 ----A---- C:\windows\system32\drivers\Diskdump.sys
2011-05-24 20:54:54 ----D---- C:\Users\Matthew\AppData\Roaming\Apple Computer
2011-05-24 20:54:23 ----A---- C:\windows\system32\GEARAspi.dll
2011-05-24 20:54:23 ----A---- C:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-24 20:53:15 ----D---- C:\Program Files\iPod
2011-05-24 20:53:14 ----D---- C:\Program Files\iTunes
2011-05-24 20:52:15 ----D---- C:\ProgramData\Apple Computer
2011-05-24 20:51:33 ----D---- C:\Program Files\Apple Software Update
2011-05-24 20:51:11 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2011-06-17 21:45:00 ----D---- C:\windows\Prefetch
2011-06-17 21:43:53 ----AD---- C:\windows\System32
2011-06-17 21:42:33 ----D---- C:\windows\system32\config
2011-06-17 21:25:02 ----D---- C:\windows\tracing
2011-06-17 20:15:44 ----SHD---- C:\windows\Installer
2011-06-17 20:15:19 ----D---- C:\ProgramData
2011-06-17 20:15:06 ----D---- C:\windows\system32\drivers
2011-06-17 20:14:28 ----SHD---- C:\System Volume Information
2011-06-17 20:14:18 ----RD---- C:\Program Files
2011-06-17 20:13:58 ----D---- C:\windows\winsxs
2011-06-17 18:47:49 ----D---- C:\windows\inf
2011-06-17 18:47:49 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-06-17 18:47:07 ----AD---- C:\Windows
2011-06-17 18:43:54 ----A---- C:\windows\system.ini
2011-06-17 18:43:47 ----D---- C:\windows\system32\drivers\etc
2011-06-17 18:42:13 ----D---- C:\Users\Matthew\AppData\Roaming\Adobe
2011-06-17 18:42:12 ----D---- C:\windows\Downloaded Program Files
2011-06-17 18:40:44 ----D---- C:\windows\AppPatch
2011-06-17 18:40:43 ----D---- C:\Program Files\Common Files
2011-06-16 03:20:21 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 03:19:31 ----D---- C:\windows\system32\migration
2011-06-16 03:19:31 ----D---- C:\Program Files\Internet Explorer
2011-06-16 03:04:27 ----D---- C:\ProgramData\Microsoft Help
2011-06-16 03:02:54 ----A---- C:\windows\system32\MRT.exe
2011-06-16 03:00:51 ----D---- C:\Program Files\Common Files\microsoft shared
2011-06-15 21:03:01 ----D---- C:\ProgramData\Adobe
2011-06-15 18:37:38 ----D---- C:\windows\system32\catroot2
2011-06-15 18:37:38 ----D---- C:\windows\system32\catroot
2011-06-13 20:22:08 ----A---- C:\windows\ntbtlog.txt
2011-06-09 22:36:08 ----D---- C:\windows\Minidump
2011-06-09 22:27:10 ----D---- C:\windows\Tasks
2011-06-09 22:01:59 ----D---- C:\ProgramData\Malwarebytes
2011-06-09 18:28:07 ----D---- C:\windows\system
2011-06-05 18:27:44 ----AD---- C:\ProgramData\TEMP
2011-06-05 12:28:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-05 12:14:15 ----D---- C:\windows\system32\LogFiles
2011-06-05 06:58:07 ----D---- C:\windows\system32\NDF
2011-05-24 20:54:23 ----DC---- C:\windows\system32\DRVSTORE
2011-05-24 20:53:14 ----D---- C:\Program Files\Common Files\Apple
2011-05-24 20:51:34 ----D---- C:\windows\system32\Tasks
2011-05-24 20:51:26 ----D---- C:\windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\windows\system32\DRIVERS\tos_sps32.sys [2009-07-24 275536]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 23512]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 FwLnk;FwLnk Driver; C:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-08-27 5946368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-29 2735504]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-20 213552]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\Matthew\AppData\Local\Temp\catchme.sys []
S3 CDASPROT;Anti-Spyware For Dummies; \??\C:\Program Files\For Dummies\Anti-Spyware\cdasprot.sys []
S3 PCDSRVC{E4743EB3-6EDD5748-06000000}_0;PCDSRVC{E4743EB3-6EDD5748-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\lenovo hard drive quick test\pcdsrvc.pkms []
S3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-08-05 171520]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 128344]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-08-05 464224]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-27 820520]
S2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1343400]

-----------------EOF-----------------
dreslick
Regular Member
 
Posts: 33
Joined: June 10th, 2011, 10:28 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware